Tech Terror: The Sinister Exploits of Browser Ransomware on Windows and Android Devices

New AI-Generated Malware Uses Browser-Based Ransomware Technique

A new malware artifact created using DeepSeek has been identified by cybersecurity researchers. This malware combines unrealistic browser-malware concepts with a real browser capability to create a working ransomware technique that operates entirely within the browser on both Windows and Android devices.

According to a statement from Check Point, this is the first documented case where an AI model has bridged the gap between theoretical browser-only ransomware risks and a practical attack chain, revealing a new attack path that was previously considered unfeasible due to browser sandboxing limits.

The malware, named “InfernoGrabber” v9.0 by the author, is a Python Flask application uploaded to VirusTotal on January 25, 2026. Described as a fully functional information stealer and ransomware toolkit, the application operates as a malicious web server that tricks victims with a fake Discord avatar AI upscaler while carrying out malicious actions such as stealing Discord tokens, harvesting credit card numbers, logging keystrokes, and capturing unauthorized webcam and microphone feeds.

The malware code includes routines for browser exploitation, data exfiltration via Discord webhook, a ransomware screen demanding Bitcoin, and an administrative dashboard for managing stolen data. The use of DeepSeek in developing this malware highlights the role of AI in redefining the cyber threat landscape.

Check Point Research discovered the Python malware as part of its analysis of DeepSeek files, with 1,383 samples classified as malicious or dangerous. The malware implements an in-browser ransomware technique that requires neither the installation of a native payload, nor the exploitation of a browser vulnerability, nor root access.

The attack technique involves using a phishing decoy to obtain file system access for a web page, then exfiltrating and encrypting local files and displaying an extortion note to the victim. This technique is limited to browsers that expose the File System Access API, such as Google Chrome and other Chromium-based browsers on Windows and Android.

AI-assisted development lowers the barrier for bad actors to create offensive code without requiring technical expertise. The future of AI security must consider these advancements and prepare for novel cyber attacks that may be discovered by AI models.

Organizations are advised to harden their delivery layer, rethink permission-based trust, and treat every browser prompt as a security decision to mitigate the risk of AI-generated malware attacks.
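
One way to act on the permission-based trust advice for managed Chrome installs, as an added example that is not from Check Point or the original article: the script below audits a policy document for the Chrome enterprise policies that control File System Access prompts. The sample policy and the origin `editor.example.com` are constructed for illustration.

```python
# Added example: audit Chrome enterprise policy for File System Access exposure.
import json

BLOCK = 2  # Default*GuardSetting: 2 = block, 3 = ask the user each time

# Constructed sample policy, shaped like a managed policy JSON file.
SAMPLE_POLICY = json.loads("""
{
  "DefaultFileSystemReadGuardSetting": 2,
  "FileSystemReadAskForUrls": ["https://editor.example.com"],
  "FileSystemWriteAskForUrls": ["https://editor.example.com", "*"]
}
""")

CATCH_ALL = ("*", "https://*", "http://*")

def audit_file_system_policy(policy):
    """Return findings; an empty list means file and directory pickers are
    blocked by default and no catch-all exception re-enables the prompt."""
    findings = []
    for kind in ("Read", "Write"):
        name = f"DefaultFileSystem{kind}GuardSetting"
        default = policy.get(name)
        if default != BLOCK:
            state = "not set" if default is None else f"set to {default}"
            findings.append(f"{name} is {state}: sites may show the {kind.lower()} prompt")
        for pattern in policy.get(f"FileSystem{kind}AskForUrls", []):
            if pattern.strip() in CATCH_ALL:
                findings.append(f"FileSystem{kind}AskForUrls contains catch-all pattern {pattern!r}")
    return findings

if __name__ == "__main__":
    for finding in audit_file_system_policy(SAMPLE_POLICY):
        print("FINDING:", finding)
```

A policy that sets both default guards to block and lists only the specific origins that need file access under the `AskForUrls` policies produces no findings.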