In a landmark discovery, researchers from Check Point Research have identified a fully functional, novel ransomware variant named InfernoGrabber v9.0 that was independently created by the DeepSeek large language model (LLM). This marks a concerning evolution in AI-generated threats, as the model devised a practical attack chain from a theoretical concept. The ransomware operates entirely within a browser environment (e.g., Google Chrome, Microsoft Edge) on both Windows and Android. It abuses the legitimate Chromium File System Access API to encrypt a user's local files after tricking them with social engineering. The attack requires no traditional payload, no vulnerability exploitation, and no elevated privileges, lowering the barrier for unskilled actors to deploy sophisticated, evasive malware.
The InfernoGrabber attack vector is a departure from traditional ransomware. Instead of delivering a malicious executable, the entire attack is orchestrated from a malicious webpage. The process is as follows:
This technique is highly evasive because it uses legitimate browser functionality. The only overtly malicious step is the final ransom note, by which point the damage is already done.
The core of the attack is the abuse of the File System Access API, a feature in Chromium-based browsers designed to allow web applications to interact directly with files on the user's local device. The AI model, DeepSeek, correctly identified that this API, when combined with social engineering (T1566.002 - Spearphishing Link), could be used to create a file-encrypting payload.
The discovered malware, InfernoGrabber v9.0, was a Python Flask web application, indicating it was designed to be hosted as a malicious server. Beyond its ransomware function, the toolkit was a full-featured stealer capable of:
This demonstrates the AI's ability to combine multiple malicious functionalities into a single, cohesive tool. The researchers noted that DeepSeek, an AI model known for having fewer restrictions on generating potentially harmful content, was ableto reason its way to this attack path simply by being given a malicious goal.
The emergence of AI-generated malware like InfernoGrabber has several critical implications:
The immediate impact on an individual victim is data loss and financial extortion, but the broader impact is a fundamental shift in the threat landscape, requiring new defensive strategies focused on behavior and API usage rather than just files and exploits.
No specific file hashes, IP addresses, or domains were provided in the source articles.
Security teams may want to hunt for the following patterns to detect related activity:
window.showDirectoryPicker()Defense against this threat requires a multi-layered approach:
Educating users to recognize and deny suspicious browser permission prompts is the primary defense against this social engineering-based attack.
Harden browser configurations by using enterprise policies to disable or restrict the File System Access API.
Mapped D3FEND Techniques:
Use web filtering solutions to block access to untrusted or newly registered domains that may host such attacks.
Mapped D3FEND Techniques:
The most direct technical countermeasure is to harden Chromium-based browsers across the enterprise. Use Group Policy (for Edge) or Chrome Browser Cloud Management to centrally manage and restrict the File System Access API. Configure the FileSystemAPIWriteBlockedForUrls and FileSystemAPIReadBlockedForUrls policies to deny this functionality by default for all websites (*). Then, create a specific allowlist for trusted, essential internal or external web applications that require this API to function. This 'deny by default' approach removes the attack vector entirely for the majority of websites, taking the decision out of the user's hands and providing a strong, proactive defense against InfernoGrabber and similar future threats.
Implement endpoint monitoring that focuses on browser behavior. An EDR or specialized browser security tool should be configured to analyze the file I/O operations originating from browser processes. Establish a baseline of normal activity and create high-priority alerts for when a single web page or browser tab begins to perform a large number of file read/write/delete operations in a short timeframe, especially on user directories like 'Documents', 'Downloads', or 'Pictures'. Since legitimate web activity rarely involves mass file modification, this behavioral anomaly is a strong indicator of in-browser ransomware activity. This detective control can catch an attack in progress, allowing for a rapid response to terminate the browser process and isolate the host before encryption is complete.

Cybersecurity professional with over 10 years of specialized experience in security operations, threat intelligence, incident response, and security automation. Expertise spans SOAR/XSOAR orchestration, threat intelligence platforms, SIEM/UEBA analytics, and building cyber fusion centers. Background includes technical enablement, solution architecture for enterprise and government clients, and implementing security automation workflows across IR, TIP, and SOC use cases.
Help others stay informed about cybersecurity threats
Every tactic, technique, and sub-technique used in this threat has been identified and mapped to the MITRE ATT&CK framework for consistent, actionable threat language.
Observables and indicators of compromise (IOCs) have been extracted and cataloged. Risk has been assessed and correlated with known threat actors and historical campaigns.
Detection rules, incident response steps, and D3FEND-aligned mitigation strategies are included so your team can act on this intelligence immediately.
Structured threat data is packaged as a STIX 2.1 bundle and can be visualized as an interactive graph — relationships between actors, malware, techniques, and indicators.
Sigma detection rules are derived from the threat techniques in this article and can be converted for deployment across any major SIEM or EDR platform.