AI-Generated Browser Ransomware Abuses Chromium API on Windows and Android
ID: 86b63c8e-4726-516f-baa8-06faa3f4cd18
STIX ID: report--86b63c8e-4726-516f-baa8-06faa3f4cd18
Feed Name: The Hacker News
Check Point and VirusTotal researchers analyzed a Python Flask sample (InfernoGrabber) produced with the DeepSeek AI model that implements a novel browser-native ransomware and info-stealer technique leveraging the File System Access API in Chromium-based browsers on Windows and Android; the malicious webserver lures users with a fake Discord avatar upscaler, enumerates and exfiltrates files from a user-selected folder, encrypts/overwrites them, steals Discord tokens, payment data and seed phrases, and displays a ransomware demand — the sample demonstrates how LLMs can autonomously surface practical attack chains previously considered infeasible, though there is no confirmed evidence of this pattern being used in real-world campaigns yet.
Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.
