DeepSeek-Built Ransomware Runs Inside Browsers

Get the Geopolitics newsletter
Daily geopolitics — wars, elections, sanctions, the diplomatic moves that move markets. Free.
- Check Point Research discovered a Python Flask sample uploaded to VirusTotal on January 25, 2026, tagged "deepseek_python_20260125_da0631.py" and self-named "InfernoGrabber v9.0," that uses Chromium's File System Access API to perform in-browser ransomware — the first documented case of a frontier AI model independently bridging a theoretical browser-only attack into a working chain.
- The technique works on Windows, macOS, Linux, Android, and Microsoft Edge on Windows, with iOS the only platform where Check Point could not reproduce it — Check Point's Pedro Drimel Neto said the attack surface is "wider than initially thought, affecting the vast majority of desktop and Android users."
- Disguised as a Discord avatar AI upscaler, the malware also steals Discord tokens, credit card numbers, crypto seed phrases, keystrokes, webcam/mic feeds, and displays a Bitcoin-demanding "WinLocker" screen — while the exact prompt that generated the sample remains unknown.
- Of roughly 3,000 files Check Point attributed to DeepSeek over the past year, 1,383 were classified as malicious or dangerous, with the researchers noting DeepSeek has lower refusal rates for harmful cyber requests than Anthropic, Google, or OpenAI, plus free web access and availability in regions where Western frontier models don't operate.
- The attack uses a phishing decoy to trick users into granting file system access via the picker-based API, then enumerates, reads, exfiltrates, encrypts, and overwrites files — accomplishing all of this without a native payload, a browser vulnerability exploit, or root access.
- Check Point's Eli Smadja said the finding represents "a fundamental shift in how novel cyber attacks are born," arguing AI security "cannot rest on hoping models refuse the obvious malicious request" and must assume future techniques will surface from AI hallucinations rather than human research.
Why it matters: Check Point's finding breaks the assumption that browser sandboxing blocks ransomware: the File System Access API attack works across Chromium browsers on Windows, macOS, Linux, and Android with no native payload needed. Of roughly 3,000 files Check Point tied to DeepSeek over the past year, 1,383 were malicious, and attackers are already choosing models that cooperate with harmful requests.



