- DeepSeek linked a theoretical browser bug to a working attack chain
- The ransomware sample targets Android’s Photos folder through a fake permission prompt
- Check Point classified 1,383 DeepSeek-linked files as malicious or dangerous
A Chinese AI model accidentally stumbled upon a working ransomware technique while trying to satisfy an unrealistically broad prompt.
New findings from Check Point Research say the DeepSeek-generated sample links a theoretical browser vulnerability to a working attack method that requires no exploit, no app installation, and no real technical skills from the attacker.
It targets Android’s photo storage through a legitimate browser feature called the File System Access API, disguised as a simple AI photo enhancement tool.
How the attack actually works
The technique abuses Android’s DCIM folder, which typically contains years of personal photos, scanned identification documents and bank screenshots.
Victims grant access through a single permission prompt disguised as an AI-powered photo intensifier, unaware that they are handing over control of an entire folder.
Check Point’s dataset included nearly 3,000 files attributed to DeepSeek, and researchers classified 1,383 of them as malicious or dangerous using VirusTotal and static analysis methods.
The team found a sample that implemented a dangerous in-browser technique that has never been observed before in real attacks.
The sample, nicknamed the InfernoGrabber 9000, was incomplete, but testing showed that it needed some extra effort to become fully functional.
“Very little effort is required. Low-level expertise is sufficient. You don’t need to be a sophisticated cybercriminal or advanced persistent threat group,” said Pedro Drimel Neto, Malware Analysis Team Leader at Check Point
“In fact, we have already observed evidence of actual threat actors attempting this attack using straightforward LLM prompts.”
Why this marks a turning point
“What we are witnessing is a fundamental shift in how new cyberattacks emerge. For the first time, we have evidence that an AI model can independently reason across legitimate platform functions,” says Eli Smadja, head of research at Check Point
This represents a major shift in how new cyberattacks are discovered and developed.
However, the underlying browser risk is not entirely new. A 2023 USENIX Security paper examined how the File System Access API could theoretically enable ransomware.
What changed, according to Check Point, is that DeepSeek connected these previously theoretical ideas into a realistic, working attack chain without human guidance.
When researchers tested the same concept using the latest DeepSeek V4 model, it rejected outright ransomware requests but complied when explicit terms were removed.
Comparable tests against other LLMs yielded only rejections or severely limited, browser-safe implementations that lacked the same file access capability.
Check Point ultimately built a working proof of concept that successfully encrypted photos on Android devices running Chrome 148, confirming that the danger extends far beyond a single flawed sample.
Organizations integrating AI into their workflows must now treat each browser permission prompt as a true security decision rather than a routine click.
Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews and opinions in your feeds.



