DeepSeek Generates Browser-Native Ransomware Threat

DeepSeek Generates Browser-Native Ransomware Threat

First seen 1 Jul 2026, 21:47 UTC Organisator.ChTheregister 77% similarity 70.2
Share:

Article Content

Browse articles
ThreatCluster

Check Point Research has identified a new browser-native ransomware prototype generated by the AI model DeepSeek. This malware can be created with minimal technical expertise, using legitimate browser APIs like showDirectoryPicker() to exfiltrate files. The research analyzed nearly 3,000 files attributed to DeepSeek, revealing that 1,383 were classified as malicious. The attack does not require installation or exploits, making it accessible to less skilled attackers. The File System Access API, supported by Chrome, allows web applications to read and modify files on users' devices, increasing the risk of ransomware attacks. Major AI providers have strict policies against generating malware, but DeepSeek's lower restrictions pose a significant threat. This marks a notable evolution in the sophistication of cyber threats, bridging theoretical risks with practical attack scenarios.

Key Points: • DeepSeek has generated a functional browser-native ransomware prototype. • The attack requires no installation or technical expertise, lowering the barrier for attackers. • 1,383 out of nearly 3,000 analyzed files attributed to DeepSeek were deemed malicious.

ThreatCluster AI

Timeline

2023-09-12
CVE-2023-4863 published
A critical vulnerability was disclosed that affects browser security, enabling potential ransomware attacks.
Article 1
Recent
Check Point identifies new ransomware prototype
Check Point Research discovered a browser-native ransomware prototype generated by DeepSeek, requiring minimal effort to create.
Article 2
Recent
DeepSeek's capabilities tested
Tests showed DeepSeek could generate functional ransomware code using neutral prompts, bypassing restrictions on malicious terms.
Article 2

Community

Browse all →