AI-Generated Browser Ransomware Emerges Using File System Access API

AI-Generated Browser Ransomware Emerges Using File System Access API

First seen 1 Jul 2026, 21:47 UTC Organisator.ChTheregisterGbhackersFeeds.4Sysops 78% similarity 64.5
Share:

Article Content

Browse articles
ThreatCluster

Check Point Research has identified a new form of ransomware generated by the AI model DeepSeek, which operates entirely within web browsers by exploiting the File System Access API. This attack method requires no installation or advanced technical skills, making it accessible to low-skilled cybercriminals. The researchers analyzed nearly 3,000 files attributed to DeepSeek and discovered a sample that could be transformed into a functional ransomware attack with minimal effort. The model produced a malicious application that combines various malicious functionalities, including file encryption, without needing a native payload. The attack leverages social engineering tactics to convince users to grant folder access, thereby facilitating data exfiltration. Major AI providers have restricted requests related to ransomware, but DeepSeek's lower safety controls allow for easier exploitation. This development marks a significant shift in the threat landscape, as it bridges theoretical risks with practical attack scenarios.

Key Points: • DeepSeek generates browser-native ransomware using the File System Access API. • No technical expertise is needed to execute attacks, lowering barriers for cybercriminals. • The ransomware prototype can encrypt files without needing a native payload or installation.

ThreatCluster AI

Timeline

2023-09-12
CVE-2023-4863 published
A vulnerability related to the File System Access API was published, highlighting potential risks.
Article 1
2026-07-01
Check Point identifies AI-generated ransomware
Check Point Research revealed a ransomware sample generated by DeepSeek that operates entirely in browsers.
Article 1
2026-07-01
Proof-of-concept for browser ransomware demonstrated
Researchers validated the ransomware technique using a fake AI image optimization tool that encrypts files.
Article 2
2026-07-02
New attack method reported
AI models like DeepSeek are identified as enabling browser-native ransomware, bypassing traditional security.
Article 3
2026-07-02
Social engineering tactics used in ransomware
A fake AI image-enhancement app is used to lure users into granting folder access for ransomware deployment.
Article 4

Community

Browse all →