
    AI-Generated Browser Ransomware Abuses Chromium API on Windows, Linux, macOS, Android

    By admin | July 3, 2026 | 6 Mins Read

    Cybersecurity researchers have flagged a new malware artifact generated using DeepSeek that constructed a novel attack path combining “unrealistic browser-malware concepts with a real browser capability” to turn it into a working ransomware technique that runs entirely inside the browser on both Windows and Android devices.

    “This is the first documented case where a frontier AI model independently bridged the gap between a theoretical browser-only ransomware risk and a practical, working attack chain – surfacing a novel attack path that defenders had previously dismissed as unfeasible due to browser sandboxing limits,” Check Point said in a statement shared with The Hacker News.

    “The expertise needed to discover a new attack path is no longer the bottleneck, and defenders need to account for that shift now — before threat actors operationalize it at scale.”

    The identified sample is a Python Flask application named “deepseek_python_20260125_da0631.py” that was uploaded to VirusTotal on January 25, 2026, with the Google-owned malware scanning service describing it as a “fully functional information stealer and ransomware toolkit.” It has been named InfernoGrabber v9.0 by the malware author.

    The application is designed to operate as a malicious web server that lures victims with a fake Discord avatar AI upscaler, while stealthily running a wide array of harmful actions, including stealing Discord tokens, harvesting credit card numbers and cryptocurrency seed phrases, logging keystrokes, and capturing unauthorized webcam and microphone feeds.

    “The code includes specific routines for browser exploitation (targeting CVEs like CVE-2023-4863), data exfiltration via a hard-coded Discord webhook, a ransomware ‘WinLocker’ screen demanding Bitcoin, and an administrative dashboard for the attacker to manage stolen data,” according to VirusTotal.

    The findings come as artificial intelligence and large language models (LLMs) are redefining the cyber threat landscape, enabling threat actors to abuse the technology to develop malware and exploits. The use of DeepSeek is noteworthy as it signals that the Chinese company’s models have lower refusal rates for malicious cyber requests when compared to their Western counterparts from Anthropic, Google, or OpenAI.

    Other factors that may have facilitated the use of DeepSeek are its free access via the web interface, availability in regions where other frontier models do not operate, and its ability to generate a working malicious application from a “single broad prompt” as opposed to models from Anthropic or OpenAI.

    “DeepSeek models can turn high‑level malicious ideas into concrete, complete attacks with less expertise than competing platforms,” Check Point Research said.

    The Israeli cybersecurity company said it unearthed the Python artifact as part of its analysis of about 3,000 files attributed to DeepSeek over the past year. Of these, 1,383 samples have been classified as malicious or dangerous. The Python malware is an instance of what’s called In-Browser Ransomware that implements a browser-native technique not encountered in real-world campaigns in the past. The exact prompt that was used to produce the sample is unknown.

    The attack technique entails using a phishing decoy to trick a user into granting file system access to a web page, which then enumerates local files in the selected folder, reads and exfiltrates their contents, encrypts and overwrites them, and finally displays an extortion note to the victim. What makes this more unusual is that all of this can be accomplished without installing a native payload, exploiting a browser vulnerability, or requiring root access.

    It’s worth mentioning here that the approach is limited to web browsers that expose the picker-based File System Access API. This includes Google Chrome and other Chromium-based browsers across Windows, macOS, ChromeOS, Linux, and Android. There is no evidence that the browser-native ransomware pattern has been abused in the wild.

    “Our testing confirmed the attack works across Windows, macOS, Linux, Android, and Microsoft Edge on Windows,” Pedro Drimel Neto, malware analysis team leader at Check Point Research, told The Hacker News. “The only significant exception is that on iOS, we could not reproduce the attack there. Since the File System Access API is implemented in Chromium-based browsers across these platforms, the attack surface is wider than initially thought, affecting the vast majority of desktop and Android users.”

    Another troubling aspect of AI-assisted development is that it not only lowers the barrier for bad actors to generate offensive code, but also means they do not even need to know that such a file system access API exists in the first place, or have the technical expertise to abuse it.

    Put differently, entering an overly broad prompt is enough for an LLM – subject to guardrails, or lack thereof – to formulate a working attack blueprint from an abstract malicious request. When a user with limited technical understanding outlines unrealistic requirements, the model, in its quest to satisfy them, can generate hallucinated outcomes, surfacing unusual techniques in the process.

    Drimel Neto said the research demonstrates that even broad prompts can produce hallucinated but functional malware, and that LLMs with lower resistance to harmful requests are “significantly” easier to abuse. “Threat actors are actively selecting LLMs based on which ones will cooperate with harmful requests,” he added.

    “What we are witnessing is a fundamental shift in how novel cyber attacks are born. For the first time, we have evidence that an AI model can independently reason across legitimate platform features and surface a working attack technique that humans had only theorised about – without the attacker ever knowing the underlying API existed,” Eli Smadja, head of research at Check Point Research, said in a statement.

    “The barrier to operationalizing complex attacks is collapsing, and that has profound implications for every organisation embedding AI into its workflows, and for every mobile user who now carries their entire personal and professional life inside a photo library. The future of AI security cannot rest on hoping models refuse the obvious malicious request; it must assume that the next attack technique will be discovered not by a human researcher, but by an AI hallucination that accidentally got one thing right.”

    Smadja is also urging organizations to prepare by hardening the delivery layer, rethinking permission-based trust, and treating every browser prompt as a security decision.
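
One way to act on the permission-trust point for managed Chromium fleets, shown as an added example that is not part of the original article or of Check Point's research: an audit of Chrome enterprise policy for who may raise File System Access API prompts. The four policy names are Chrome's own; the sample policies, the host `editor.example.internal`, and the severity labels are constructed for illustration.

```python
import json

BLOCK, ASK = 2, 3  # values Chrome documents for the Default*GuardSetting policies
GUARDS = {
    "read": ("DefaultFileSystemReadGuardSetting", "FileSystemReadAskForUrls"),
    "write": ("DefaultFileSystemWriteGuardSetting", "FileSystemWriteAskForUrls"),
}

# Constructed sample policies (not taken from any real deployment).
WEAK = json.loads("""{
  "DefaultFileSystemWriteGuardSetting": 3,
  "FileSystemReadAskForUrls": ["*"]
}""")
HARDENED = json.loads("""{
  "DefaultFileSystemReadGuardSetting": 2,
  "DefaultFileSystemWriteGuardSetting": 2,
  "FileSystemReadAskForUrls": ["https://editor.example.internal"],
  "FileSystemWriteAskForUrls": ["https://editor.example.internal"]
}""")


def audit(policy):
    """Return (severity, message) findings; severities are this example's own."""
    findings = []
    for access, (default_key, ask_key) in GUARDS.items():
        default = policy.get(default_key)
        if default is None:
            # Unset leaves the choice to the user's setting, which defaults to "ask".
            findings.append(("high", f"{default_key} unset: any site may prompt for {access} access"))
        elif default == ASK:
            findings.append(("high", f"{default_key}=3: any site may prompt for {access} access"))
        elif default != BLOCK:
            findings.append(("high", f"{default_key}={default!r} is not a documented value"))
        # Allowlisted origins can still prompt even when the default is BLOCK,
        # so each entry should be one exact HTTPS origin.
        for pattern in policy.get(ask_key, []):
            if "*" in pattern:
                findings.append(("medium", f"{ask_key}: wildcard pattern {pattern!r}"))
            elif not pattern.startswith("https://"):
                findings.append(("medium", f"{ask_key}: non-HTTPS pattern {pattern!r}"))
    return findings


if __name__ == "__main__":
    for name, policy in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit(policy) or "no findings")
```

With the default set to block and only named origins allowed to ask, a lure page on an arbitrary domain cannot raise the folder picker at all, which removes the user decision the technique depends on.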


    (The story was updated after publication to include additional insights from Check Point Research.)
