Somebody told DeepSeek to build in-browser ransomware and it gleefully complied
You don't need to be a sophisticated cybercriminal or advanced persistent threat group. In fact, we've already observed evidence of actual threat actors attempting this attack using straightforward LLM prompts.”Known threat gets an AI boostThe risk ransomware poses to browsers isn’t a new idea. Instead, it uses social engineering - tricking a user into clicking on a malicious button - combined with a legitimate permission prompt exposed by the File System Access API in Chrome.Meet InfernoGrabber 9000This particular sample that Check Point uncovered is a Python Flask application that targets Android users.
- ▪You don't need to be a sophisticated cybercriminal or advanced persistent threat group.
- ▪In fact, we've already observed evidence of actual threat actors attempting this attack using straightforward LLM prompts.”Known threat gets an AI boostThe risk ransomware poses to browsers isn’t a new idea.
- ▪Instead, it uses social engineering - tricking a user into clicking on a malicious button - combined with a legitimate permission prompt exposed by the File System Access API in Chrome.Meet InfernoGrabber 9000This particular sample that Che
Opening excerpt (first ~120 words) tap to expand
(function() { let windowUrl = window.location.href; windowUrl = windowUrl.substring(windowUrl.indexOf('?') + 1); let messageElement = document.querySelector('.shareableMessage'); if (windowUrl && windowUrl.includes('code') && windowUrl.includes('expires')) { messageElement.style.display = 'block'; } })(); Security Somebody told DeepSeek to build in-browser ransomware and it gleefully complied 'The original incomplete DeepSeek sample can be transformed into a fully functional attack with minimal effort,' Check Point researcher tells The Reg Jessica Lyons Jessica Lyons Published wed 1 Jul 2026 // 20:57 UTC You can't ask most models to help you make "ransomware" directly, but many will be more than willing if you give them the right prompt.
…
Excerpt limited to ~120 words for fair-use compliance. The full article is at theregister.