- DeepSeek connected a theoretical browser flaw to a functional attack chain
- Ransomware Sample Targets Android Photos Folder Using Fake Permission Request
- Check Point classified 1,383 files linked to DeepSeek as malicious or dangerous
A Chinese AI model accidentally stumbled upon a working ransomware technique while trying to satisfy a broad and unrealistic message.
New findings from Check Point Research say that the sample generated by DeepSeek connects a theoretical browser compromise with a functional attack method, which requires no exploitation, app installation, or actual technical skill on the part of the attacker.
It targets Android photo storage through a legitimate browser feature called File System Access API, disguised as a simple AI photo enhancement tool.
How the attack actually works
The technique abuses Android’s DCIM folder, which typically contains years of personal photos, scanned ID documents, and bank screenshots.
Victims grant access through a single permission message disguised as an AI-powered photo enhancer, unaware that they are giving up control of an entire directory.
Check Point’s data set included nearly 3,000 files attributed to DeepSeek, and researchers classified 1,383 of them as malicious or dangerous using VirusTotal and static analysis methods.
The team found a sample that implemented a dangerous browser-native technique that had never before been observed in real-world attacks.
The sample, dubbed InfernoGrabber 9000, was incomplete, but testing showed that it required little additional effort to become fully functional.
“It takes very little effort. A low level of experience is enough. You don’t need to be a sophisticated cybercriminal or an advanced persistent threat group,” said Pedro Drimel Neto, malware analysis team leader at Check Point.
“In fact, we have already seen evidence of real threat actors attempting this attack using simple LLM prompts.”
Why this marks a turning point
“What we are witnessing is a fundamental change in how new cyberattacks are born. For the first time, we have evidence that an AI model can reason independently through features of legitimate platforms,” said Eli Smadja, head of research at Check Point.
This represents a major change in the way new cyberattacks are discovered and developed.
However, the underlying browser risk is not entirely new. A 2023 USENIX security document examined how the file system access API could, in theory, enable ransomware.
What changed, according to Check Point, is that DeepSeek connected these previously theoretical ideas into a realistic and functional attack chain without human guidance.
When researchers tested the same concept using the latest DeepSeek V4 model, it rejected direct ransomware requests but complied once explicit terms were removed.
Comparable tests with other LLMs produced only rejections or very restricted, browser-safe implementations that lacked the same file access capability.
Check Point finally created a working proof of concept, successfully encrypting photos on Android devices running Chrome 148, confirming that the danger extends far beyond a single faulty sample.
Organizations that incorporate AI into their workflows must now treat each browser permission request as a genuine security decision rather than a routine click.
Follow TechRadar on Google News and add us as a preferred source to receive news, reviews and opinions from our experts in your feeds.




