logo

AI-Generated Browser Ransomware Abuses Chromium API on Windows and Android

ID: 86b63c8e-4726-516f-baa8-06faa3f4cd18

STIX ID: report--86b63c8e-4726-516f-baa8-06faa3f4cd18

Feed Name: The Hacker News

Threat Score
72/100

Date Published: 2026-07-01

Date Updated: 2026-07-01

Author: [email protected] (The Hacker News)

...
...

Check Point and VirusTotal researchers analyzed a Python Flask sample (InfernoGrabber) produced with the DeepSeek AI model that implements a novel browser-native ransomware and info-stealer technique leveraging the File System Access API in Chromium-based browsers on Windows and Android; the malicious webserver lures users with a fake Discord avatar upscaler, enumerates and exfiltrates files from a user-selected folder, encrypts/overwrites them, steals Discord tokens, payment data and seed phrases, and displays a ransomware demand — the sample demonstrates how LLMs can autonomously surface practical attack chains previously considered infeasible, though there is no confirmed evidence of this pattern being used in real-world campaigns yet.

Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.