- DeepSeek connected a theoretical browser flaw to a working attack chain
- Ransomware example targets Android’s photo folder via fake permission prompt
- Check Point classified 1,383 DeepSeek-related files as malicious or dangerous
A Chinese AI model accidentally stumbled upon a working ransomware technique while trying to satisfy an unrealistically broad prompt.
New findings from Check Point Research indicate that the sample generated by DeepSeek combines theoretical browser risk with a working attack method, requiring no exploits, no application installations, and no real technical skill on the part of the attacker.
It targets Android’s photo storage through a legitimate browser feature called File System Access API, disguised as a simple AI photo enhancement tool.
How the attack actually works
The technique abuses Android’s DCIM folder, which typically contains years of personal photos, scanned ID documents, and banking screenshots.
Victims grant access via a single permission prompt disguised as an AI-powered photo enhancer, unaware that they are ceding control of an entire directory.
Check Point’s dataset included nearly 3,000 files attributed to DeepSeek, and researchers classified 1,383 of them as malicious or dangerous using VirusTotal and static analysis methods.
The team found a sample implementing a dangerous browser-native technique that has never been observed before in real-world attacks.
The sample, dubbed InfernoGrabber 9000, was incomplete, but testing showed it required little additional effort to become fully functional.
“Very little effort is required. Low-level expertise is sufficient. You don’t need to be a sophisticated cybercriminal or advanced persistent threat group,” said Pedro Drimel Neto, head of the malware analysis team at Check Point.
“In fact, we have already observed evidence of real threats attempting this attack using simple LLM prompts.”
Why this marks a turning point
“We are seeing a fundamental shift in how new cyberattacks are born. For the first time, we have proof that an AI model can independently reason about the legitimate functionality of a platform,” said Eli Smadja, head of research at Check Point.
This represents a major shift in the way new cyberattacks are discovered and developed.
However, the underlying browser risk is not entirely new. A 2023 USENIX security article examined how the File System Access API could theoretically enable ransomware.
What changed, according to Check Point, was that DeepSeek connected these previously theoretical ideas into a realistic and functional attack chain, without human assistance.
When researchers tested the same concept using the latest DeepSeek V4 model, it refused direct ransomware demands, but complied once the explicit terms were removed.
Comparable tests with other LLMs have produced only rejections or heavily constrained, browser-safe implementations lacking the same file access capability.
Check Point has finally built a working proof of concept, successfully encrypting photos on Android devices running Chrome 148, confirming that the danger extends well beyond a single faulty sample.
Organizations integrating AI into their workflows must now treat each browser permission prompt as a real security decision rather than a routine click.
Follow TechRadar on Google News And add us as your favorite source to get our news, reviews and expert opinions in your feeds.




