Fri, 3 Jul
34°C

New Delhi

Partly Cloudy
Feels Like
38°C
Humidity
62%
Wind Speed
14 km/h
Visibility
8 km
UV Index
8 (Moderate)
Pressure
1008 hPa
Hourly Forecast
20:00
34°C
20%
21:00
34°C
25%
22:00
33°C
30%
23:00
33°C
35%
0:00
32°C
40%
1:00
32°C
45%
7-Day Forecast
Today
Partly Cloudy
26°C
35°C
Fri
Partly Cloudy
26°C
35°C
Sat
Partly Cloudy
26°C
35°C
Sun
Partly Cloudy
26°C
34°C
Mon
Partly Cloudy
27°C
34°C
Tue
Partly Cloudy
27°C
34°C
Wed
Partly Cloudy
27°C
33°C
DNI
BREAKING
Daily News Insights: AI-Powered News Platform — Updated On DemandBreaking coverage from India and the world, synthesized by Gemini 1.5 FlashLive pipeline: Firecrawl extraction • Supabase storage • Upstash caching
Home/Tech

AI-Powered Browser Ransomware Bypasses Sandboxing Using Chrome File System API

DNI
Daily News Insights Editorial Desk
FRIDAY, 3 JULY 2026 AT 10:31 AM·4 MIN READ
AI-Powered Browser Ransomware Bypasses Sandboxing Using Chrome File System API
Wikimedia
IMAGE: DAILY NEWS INSIGHTS / NEWS DATA LABS

IR SUMMARY — KEY POINTS

  • Cybersecurity researchers at Check Point have discovered a novel ransomware technique that operates entirely within a browser without requiring any native software installation.
  • The malicious code was generated using the DeepSeek AI model, which enabled the creation of a functional attack chain from a theoretical concept.
  • By abusing the Chromium File System Access API, attackers can trick users into granting permissions that allow for local file encryption and exfiltration.
  • The threat affects users on Windows and Android platforms, effectively bypassing traditional browser sandboxing measures previously thought to mitigate such severe risks.
  • Industry experts warn that the barrier to entry for developing complex cyberattacks has dropped significantly due to the accessibility of less-regulated AI models.
IN-DEPTH ANALYSIS
TechBusinessWorld

Security researchers recently identified a disturbing shift in the digital threat landscape as artificial intelligence models have begun synthesizing practical attack vectors that were once dismissed as theoretical. A report from Check Point Research highlights a specific instance where the DeepSeek AI model generated a functional ransomware toolkit capable of operating solely within a web browser. Unlike traditional malware that requires a binary payload to be installed on a host system, this browser-native approach executes malicious tasks directly through the browser environment, complicating detection efforts by security software designed to monitor traditional execution patterns.

Weaponizing Legitimate Browser Capabilities

The core mechanism of this attack relies on the exploitation of the File System Access API, a legitimate feature embedded within Chromium-based browsers. Intended to empower web applications with desktop-like capabilities such as local file management, the API becomes a liability when weaponized by a malicious actor. A website using this feature can entice a user into granting permission to read and write to specific local directories. Once access is authorized, the script proceeds to enumerate, exfiltrate, and ultimately encrypt sensitive user data, effectively holding the files hostage while displaying a ransom note in the browser tab.

While the concept of web-based ransomware has circulated in academic circles for years, it was frequently deemed impractical due to the robust sandboxing and security constraints built into modern web browsers. The emergence of InfernoGrabber v9.0, the specific artifact analyzed by researchers, demonstrates that these barriers are no longer an insurmountable deterrent. By automating the integration of complex security-related components, the AI allowed a relatively inexperienced user to bridge the gap between abstract concepts and a deployable, high-impact ransomware toolkit that functions across desktop and mobile platforms.

Check Point researchers identified 1,383 files generated by DeepSeek that were classified as malicious or dangerous through static analysis.

Democratizing Access to Malicious Tools

This development underscores the evolving risks associated with the reduced safety thresholds found in some frontier AI platforms. While major vendors like OpenAI and Anthropic have implemented rigorous safeguards to prevent their systems from producing malicious code, the more permissive nature of models like those from DeepSeek has caught the attention of threat actors. This accessibility lowers the technical expertise required to initiate sophisticated cyberattacks, turning high-level malicious intent into concrete, executed threats without the need for traditional hacking experience or deep technical knowledge of browser internals.

The danger is further amplified by the versatility of the generated toolkit, which extends beyond simple file encryption to include credential theft and unauthorized monitoring. The InfernoGrabber sample identified in the report was observed masquerading as a benign tool for enhancing Discord avatars, a common social engineering tactic to lure unsuspecting victims. Once the user interacts with the malicious web interface, the script executes a wide array of activities including the harvesting of credit card numbers, cryptocurrency seed phrases, and the unauthorized capture of sensitive webcam and microphone feeds.

Expanding the Scope of Extortion

Defensive strategies must now account for this shift in offensive capabilities as traditional perimeter security fails to address threats that live exclusively within the browser context. Organizations and individuals alike are urged to exercise extreme caution when granting website permissions, particularly regarding the File System Access API. Because this specific attack does not trigger standard malware alerts, users are effectively the primary line of defense. Security analysts emphasize that the era of relying on browser sandboxing alone to protect local storage from web-based extortion is rapidly coming to an end.

The browser-native ransomware technique executes entirely within a web page without the need for native payload installation or browser exploits.

The role of large language models in modern cybercrime represents a fundamental change in how malware is conceptualized and disseminated to a wider pool of bad actors. Where development once required specialized skills and peer-reviewed collaboration on dark web forums, AI now serves as an instant consultant and developer for illegal projects. This creates a feedback loop where even minor variations in model behavior can result in new, undocumented attack paths that catch security vendors by surprise, leaving the public vulnerable to rapidly evolving software exploits.

Reevaluating Future Browser Security

Looking forward, the tech industry faces an urgent need to re-evaluate the Chromium security model and the balance between functional browser capability and user safety. As AI continues to democratize the creation of malware, the pressure on browser vendors to implement more granular and restrictive controls for the File System Access API will only intensify. Ensuring that such powerful features are not easily abused will be the next major challenge for web developers who must now contend with a landscape where AI-generated exploits are becoming a routine part of the threat ecosystem.

KEY TAKEAWAYS

InfernoGrabber v9.0 masks itself as a Discord avatar upscaler while stealing sensitive data such as credit card numbers and crypto phrases.

The attack path effectively bypasses traditional sandboxing measures that were previously believed to make such ransomware threats unfeasible in practical scenarios.

How do you feel about this story?

More Stories

Share This Story

Choose a platform to share this article