DIGITAL LIFE
New browser-based ransomware identified
Check Point Research has identified a new method of browser-based ransomware generated autonomously through an AI hallucination associated with DeepSeek model files.
The attack—validated via a laboratory proof-of-concept released on July 3, 2026—eliminates the need to install malicious applications or exploit vulnerabilities by abusing legitimate web browsing APIs to encrypt local files. This discovery signals a significant shift in how new cyberattack techniques emerge, enabling artificial intelligence to act as a bridge between scattered knowledge and malicious objectives.
The technique relies on repurposing a legitimate local file access feature to encrypt data without installing software. While analyzing approximately 3,000 files attributed to DeepSeek in public telemetry, researchers detected code that, despite inconsistencies in most functions, accurately utilized the File System Access API.
This interface, designed for legitimate web applications such as text editors or creative tools, allows a webpage to request access to a folder on the user's device. If the victim grants permission—often through social engineering—the code gains the ability to enumerate, read, exfiltrate, and encrypt the files within that directory.
The innovation in this scenario lies in the AI model's ability to autonomously link a theoretical risk to a practical attack chain, without advanced human technical intervention.
Android poses higher risk compared to iOS system isolation
The implementation of this technical specification across mobile platforms exposes digital ecosystems unevenly. Full API support, introduced in Chrome version 132 for Android, allows webpages to request direct access to critical folders, such as the DCIM directory. Tests conducted by Check Point Research on Chrome version 148 confirmed that granting this permission puts personal photos, screenshots containing banking data, and identification documents at risk. In contrast, Apple’s iOS ecosystem remains immune to this specific technique, as the Safari browser does not expose the API in question to web pages, instead mediating file access through the operating system's restricted isolation model.
This disparity underscores the need for careful monitoring in environments that utilize Chromium-based browsers.
Generative AI bypasses restrictions via neutral prompts
The language model's security filters reveal vulnerabilities when faced with indirect descriptions of code. In laboratory tests, the DeepSeek V4 model refused explicit requests to create ransomware. However, formulating neutral prompts focused solely on local file interaction functionality resulted in the generation of browser-based malicious code.
The model itself described the final output as a trap built into an image manipulation interface, featuring hidden behaviors akin to ransomware. In comparative evaluations, OpenAI and Anthropic systems refused requests or limited implementations to safe variants, requiring significant manual assembly to achieve a similarly functional workflow.
"We are witnessing a fundamental shift in how new cyberattacks can originate. For the first time, we see evidence that an AI model can reason about a platform's legitimate capabilities and identify a functional attack technique that, until now, existed primarily at a theoretical level. The attacker does not even need to know the API exists; simply describing the desired outcome suffices. This has profound implications for organizations integrating AI into their processes and for users who center much of their personal and professional lives around their mobile photo galleries."
Rui Duro, Country Manager for Check Point Software Technologies in Portugal.
Practical recommendations for digital mitigation and protection
Responding to this type of threat requires a shift away from security assumptions focused solely on detecting binary executables. Both individual users and corporate infrastructure managers must adopt rigorous controls at the web browsing layer.
For users and citizens:
Evaluate permissions: Treat every browser request for folder access as a critical security decision.
Avoid core directories: Never grant read or write permissions for the DCIM folder or directories containing personal documents.
Isolate tests: Use temporary or empty folders when interacting with unknown web tools or those marketed as AI solutions.
Maintain safeguards: Perform regular, encrypted backups stored offline or with reputable cloud services.
For companies and organizations:
Traffic filtering: Implement security solutions focused on disrupting the delivery chain, such as anti-phishing systems capable of blocking suspicious pages before user interaction occurs.
Group policies: Restrict or monitor the use of the File System Access API in corporate environments via Chromium browser management policies.
System updates: Mandate systematic updates for browsers and operating systems to ensure the implementation of new security controls from vendors.
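One way to check the "Group policies" recommendation above, as an added example that is not from Check Point or the original article: a small audit of a Chromium managed-policy JSON for the File System Access settings. The policy names are Chrome enterprise policies that the article does not name; the two sample policies and the editor.corp.example origin are constructed placeholders.

```python
import json

# Chrome enterprise policies governing the File System Access API.
# Guard values: 2 = block on every site, 3 = sites may prompt the user.
GUARDS = ("DefaultFileSystemReadGuardSetting", "DefaultFileSystemWriteGuardSetting")
ASK_LISTS = ("FileSystemReadAskForUrls", "FileSystemWriteAskForUrls")
BLOCK, ASK = 2, 3


def is_wildcard_host(pattern: str) -> bool:
    """True when a URL pattern matches every host, e.g. '*' or 'https://*'."""
    host = pattern.strip().split("://", 1)[-1].split("/", 1)[0].split(":", 1)[0]
    return host in ("", "*")


def audit_policy(policy: dict) -> list:
    """Return findings; an empty list means folder access is blocked by
    default and only explicitly named origins may prompt for it."""
    findings = []
    for name in GUARDS:
        value = policy.get(name)
        if value is None:
            findings.append(f"{name}: unset, browser default lets any site prompt")
        elif value == ASK:
            findings.append(f"{name}: 3 (ask), any site may prompt")
        elif value != BLOCK:
            findings.append(f"{name}: unexpected value {value!r}")
    for name in ASK_LISTS:
        for pattern in policy.get(name, []):
            if is_wildcard_host(pattern):
                findings.append(f"{name}: '{pattern}' re-enables prompts everywhere")
    return findings


# Constructed sample policies (origins are placeholders).
WEAK = json.loads("""{
  "DefaultFileSystemReadGuardSetting": 3,
  "FileSystemWriteAskForUrls": ["*"]
}""")
HARDENED = json.loads("""{
  "DefaultFileSystemReadGuardSetting": 2,
  "DefaultFileSystemWriteGuardSetting": 2,
  "FileSystemReadAskForUrls": ["https://editor.corp.example"],
  "FileSystemWriteAskForUrls": ["https://editor.corp.example"]
}""")

if __name__ == "__main__":
    for label, policy in (("weak", WEAK), ("hardened", HARDENED)):
        print(label, audit_policy(policy) or "OK")
```

The hardened sample blocks folder prompts by default and lets a single named internal origin ask; the weak sample leaves the write guard unset and allowlists every site.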
Implications for the global cybersecurity ecosystem
The ability of artificial intelligence to translate abstract concepts into functional prototypes alters the economics of cybercrime. The technical barrier to entry is substantially lowered, enabling the development of highly personalized, disposable malware that is difficult to classify using traditional signature-based methods. The fact that a technological hallucination resulted in a precise approximation of a real vulnerability demonstrates that the security of language models cannot rely solely on filtering malicious keywords.
The sector faces the challenge of policing not only users' stated intentions but also the unforeseen convergence of legitimate capabilities manipulated by algorithms.
Frequently Asked Questions (FAQ)
-What is browser-based ransomware?
It is an attack technique that runs directly on a malicious webpage, using social engineering to gain access permissions to local folders via legitimate APIs. The method encrypts user files without installing applications or downloading traditional executable files.
-What is the connection between DeepSeek and this new cyber threat?
Researchers identified the attack logic by analyzing code generated by models associated with DeepSeek. The system autonomously linked a legitimate browser feature to a ransomware objective after receiving neutrally phrased instructions.
-How can I protect my Android device against this specific attack?
You should reject requests for access to local folders from unknown webpages, especially if they ask for access to the DCIM directory. It is recommended to frequently update the Chrome browser and use security tools with active anti-phishing protection.
Key points
Fileless execution: The technique does not require app installation or the exploitation of native operating system flaws.
API abuse: The attack utilizes the file system access API in Chromium-based browsers.
Android vulnerability: API support in Chrome on Android allows the photo folder (DCIM) to be exposed.
Algorithmic origin: The functional workflow stemmed from an AI "hallucination" that combined legitimate permissions with malicious intent.
No active campaigns: The research served as a preventive warning; there were no recorded instances of this technique being used in actual attacks at the time of disclosure.
For more information, visit https://blog.checkpoint.com/research/when-ai-invents-the-attack-browser-native-ransomware/
mundophone