DeepSeek turned a browser-only ransomware blueprint into an attack-ready proof
Check Point says a DeepSeek sample can be made fully functional with little effort, using Chrome’s File System Access permissions.

Check Point Research analyzed a DeepSeek-attributed sample described as in-browser ransomware and found it could be transformed into a working proof of concept. For decision-makers, it signals that LLM-assisted malware development may lower the bar for browser-native attacks and increase undetected risk.
DeepSeek did not just generate a theoretical cyberthreat. Check Point Research says it found a DeepSeek-attributed “in-browser ransomware” sample and demonstrated that it could be turned into a “fully functional” browser-native proof of concept with minimal effort.
In a Wednesday report, Check Point’s threat hunters analyzed a DeepSeek-generated code sample described as “browser-native ransomware” and tested an improved version based on the latest DeepSeek model V4. The key point for anyone responsible for security planning is blunt: defenders may have assumed browser sandboxing limited what was possible, but Check Point claims the latest LLM can create a realistic, end-to-end attack chain that asks users for local-file access and then leaves them unable to recover the original content.
So what exactly is “browser-only ransomware,” and why does it matter beyond the security crowd? Modern ransomware typically relies on something outside the browser: native payloads, APK installation, browser exploits, or administrative privileges. Check Point’s analysis focuses on a different path. The attack is framed as a phishing-style web page combined with a legitimate permission prompt exposed by the File System Access API in Chrome. That API is a browser capability that lets web apps read, write, and manage files on a user’s local device. It enables useful tools like editors, IDEs, and creative applications, but it also expands the attack surface. As Check Point notes, ransomware is already listed as a security consideration in the File System Access specification, and a 2023 USENIX Security paper described how the File System Access API could be abused to encrypt local files from a malicious web application.
Check Point’s Wednesday report connects those previously documented ideas to an LLM-generated, more complete scenario. The researchers say the “original incomplete DeepSeek sample” implemented a dangerous browser-native technique that they “have not observed exploited in the wild.” Over the past year, the team tracked almost 3,000 files attributed to DeepSeek and classified nearly half, 1,383 files, as malicious or dangerous using VirusTotal or static source analysis. Within that dataset, they found a sample capable of using a web application to target local file access through the browser.
The sample Check Point uncovered is called InfernoGrabber 9000. VirusTotal labels it a “fully functional information stealer and ransomware toolkit.” The twist is that Check Point says the code was incomplete and did not actually pull off an in-the-wild infection. Instead, the researchers describe it as an “AI-generated blueprint” where the model tried to translate familiar capabilities of native stealers and ransomware tools into a web page opened in the browser. In Check Point’s description, the lure is a victim-facing interface disguised as a “Discord avatar AI upscaler.” When a user clicks, the intent is to execute silent actions that run entirely inside the browser process.
Those actions, as described by Check Point, include stealing Discord tokens, harvesting credit card numbers and cryptocurrency seed phrases, logging keystrokes, and capturing unauthorized webcam and microphone feeds. The code also includes routines for browser exploitation, including targeting CVE-2023-4863, uses a hardcoded Discord webhook for data exfiltration, and displays a ransomware WinLocker screen demanding Bitcoin. However, Check Point emphasizes that the sample does not actually execute every element described above because the browser’s built-in security model blocks most of this functionality.
This is where the “minimal effort” part becomes the real threat. Pedro Drimel Neto, malware analysis team leader at Check Point Research, told The Register that “the original incomplete DeepSeek sample can be transformed into a fully functional attack with minimal effort.” Neto also said, “Very little effort is needed,” adding that “low-level expertise is sufficient,” and that you “don't need to be a sophisticated cybercriminal or advanced persistent threat group.” Check Point further claims it has already observed evidence of actual threat actors attempting this attack using straightforward LLM prompts.
What Check Point says defenders should take seriously is not just that the blueprint exists, but that it can be operationalized. The team reportedly had to remove some explicit terms from the prompt, like ransomware, but they still produced the same functionality they describe as “a web page that asks the user for access to local files, processes them inside the browser, and leaves the user unable to recover the original content.” Bukhteyev’s analysis frames this as an enforceable scenario where a DeepSeek-attributed malicious sample connected a documented platform risk to a realistic phishing-style web application, resulting in a viable end-to-end attack chain.
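The chain Check Point describes (a page that requests local-file access through the File System Access API, transforms the files inside the browser, and writes the results back over the originals) leaves a recognizable footprint in page script, which is the kind of static source analysis the report says the researchers used to classify samples. The following heuristic scanner is an added example written for this article, not code from Check Point or from the sample; the indicator groups, weights, threshold and both sample scripts are constructed assumptions for illustration only.

```python
import re
from dataclasses import dataclass, field

# Indicators grouped by the stage of the chain described in the report:
# request local-file access, transform contents in the browser, write back.
# Weights are hypothetical and chosen only for this illustration.
INDICATORS = {
    "fs_access": {  # File System Access API entry points (user-gesture prompts)
        "patterns": [r"\bshowDirectoryPicker\s*\(", r"\bshowOpenFilePicker\s*\(",
                     r"\bshowSaveFilePicker\s*\("],
        "weight": 1,
    },
    "fs_write": {  # writing back to, or deleting, a handle the user granted
        "patterns": [r"\.createWritable\s*\(", r"\.removeEntry\s*\("],
        "weight": 1,
    },
    "crypto": {  # in-browser transformation via WebCrypto
        "patterns": [r"crypto\.subtle\.encrypt\s*\(", r"crypto\.subtle\.deriveKey\s*\(",
                     r"\bgetRandomValues\s*\("],
        "weight": 2,
    },
    "recursive_walk": {  # iterating a whole directory handle rather than one file
        "patterns": [r"\.values\s*\(\)", r"\.entries\s*\(\)", r"for\s+await\s*\("],
        "weight": 1,
    },
}


@dataclass
class Finding:
    score: int
    stages: list = field(default_factory=list)


def strip_comments(js: str) -> str:
    """Crudely drop // and /* */ comments so commented-out text is not counted."""
    js = re.sub(r"/\*.*?\*/", "", js, flags=re.S)
    js = re.sub(r"//[^\n]*", "", js)
    return js


def scan_script(js: str) -> Finding:
    """Score one script body by which stages of the chain it exhibits."""
    src = strip_comments(js)
    finding = Finding(score=0)
    for name, spec in INDICATORS.items():
        if any(re.search(p, src) for p in spec["patterns"]):
            finding.stages.append(name)
            finding.score += spec["weight"]
    # The combination that matters: picker + in-browser crypto + write-back.
    # A text editor that picks and saves files but never encrypts scores lower.
    if {"fs_access", "crypto", "fs_write"} <= set(finding.stages):
        finding.score += 3
    return finding


def verdict(js: str, threshold: int = 6):
    f = scan_script(js)
    return ("suspicious" if f.score >= threshold else "benign", f)


# Constructed sample 1: a legitimate single-file editor (benign use of the API).
BENIGN_EDITOR_SAMPLE = """
const [handle] = await showOpenFilePicker();
const file = await handle.getFile();
editor.value = await file.text();
saveBtn.onclick = async () => {
  const w = await handle.createWritable();
  await w.write(editor.value);
  await w.close();
};
"""

# Constructed sample 2: indicator text only, mirroring the stages in the report.
SUSPICIOUS_SAMPLE = """
const root = await showDirectoryPicker();
for await (const [name, handle] of root.entries()) {
  const blob = await crypto.subtle.encrypt(alg, key, buf);  // elided setup
  const w = await handle.createWritable(); await w.write(blob); await w.close();
}
"""

if __name__ == "__main__":
    for label, sample in (("editor", BENIGN_EDITOR_SAMPLE), ("sample", SUSPICIOUS_SAMPLE)):
        v, f = verdict(sample)
        print(f"{label}: {v} (score={f.score}, stages={f.stages})")
```

Treat this as a triage aid, not a verdict: as the report notes, the code seen in these attacks is obfuscated, so indicator names can be hidden behind string concatenation or dynamic property access, and a scanner like this should feed a sandbox or analyst queue rather than block on its own. On managed Chrome fleets the complementary control is policy, since the File System Access API's write side can be restricted per origin (for example via the `DefaultFileSystemWriteGuardSetting` and `FileSystemWriteBlockedForUrls` enterprise policies), which removes the write-back stage regardless of how the script is disguised.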
InfernoGrabber 9000 targets Android users in the reported sample, but the governance lesson is broader: when malware logic can live in a browser, the enforcement surface expands and detection can get harder. Neto told The Register this type of LLM-generated code and in-browser attack is “likely happening now,” and he added, “We expect to see this activity in the short term, if we haven't already.” While traditional ransomware and extortion groups often target enterprises and critical infrastructure organizations, Check Point notes increased end-user ransomware activity recently. The risk, Neto says, is that code obfuscation used in these attacks makes them difficult to spot, so attacks using this technique could already be occurring in the wild but going unnoticed.