The Blueprint That Almost Worked
Here's the thing about AI-generated malware: it doesn't have to be perfect. It just has to be good enough.
Check Point researchers found a DeepSeek-generated sample they're calling InfernoGrabber 9000 — a Python Flask application designed to run entirely inside a victim's browser. The sample was incomplete, sure. It couldn't actually pull off an in-the-wild infection on its own. But the researchers' testing showed that transforming it into a fully functional attack required nothing more than low-level expertise. We're talking basic coding knowledge, not advanced persistent threat group resources.
"Very little effort is needed," said Pedro Drimel Neto, malware analysis team leader at Check Point Research. "You don't need to be a sophisticated cybercriminal or advanced persistent threat group." And here's what keeps security teams up at night: they've already observed evidence of actual threat actors attempting this attack using straightforward LLM prompts.
The sample masquerades as a Discord avatar AI upscaler. Click the button, grant permission, and suddenly your browser is doing things it should never be allowed to do. Stealing Discord tokens. Harvesting credit card numbers and cryptocurrency seed phrases. Logging keystrokes. Capturing unauthorized webcam and microphone feeds. All running silently inside the browser process.
The good news? The browser's built-in security model prevented most of this from actually working. The bad news? That same model isn't designed to stop something like this at all.
How Artificial Intelligence Cybersecurity Threats Are Evolving
This isn't the first time researchers have discussed browser-based ransomware. The File System Access specification lists it as a security consideration. A 2023 USENIX Security paper described exactly how this API could be abused to encrypt local files from a malicious web application. Google's own researchers wrote about it — long before LLMs could generate working malware.
What Check Point found is different. An AI model took these previously documented concepts and assembled them into a realistic, enforceable attack scenario. The DeepSeek-attributed sample connected a documented platform risk to a phishing-style web application, creating a viable end-to-end attack chain that defenders had originally thought was unfeasible due to browser sandboxing limits.
The File System Access API — primarily supported by Chrome and Chromium-based browsers — lets developers build web applications that can read, write, and manage files on a user's local device. Think rich editors, IDEs, creative tools. It's powerful. It's also a massive attack surface expansion.
"Even though it can be used to develop rich web applications, it greatly extends the attack surface, which can be abused by adversaries to cause significant harm," Google's Güliz Seray Tuncay and Florida International University researchers wrote back in 2023. They couldn't have known that AI models would soon be weaponizing their warnings.
The Numbers Behind the Threat
Check Point's threat hunting team has been tracking DeepSeek-generated files for almost a year now. The dataset is sobering: they've identified nearly 3,000 files attributed to DeepSeek, and classified almost half — 1,383 files — as malicious or dangerous using VirusTotal or static source analysis.
That's not a rounding error. That's nearly 50% of everything they've found being actively harmful.
The InfernoGrabber 9000 sample itself is a masterclass in AI overreach. VirusTotal calls it "a fully functional information stealer and ransomware toolkit." The code presents routines and stubs for keylogging, clipboard monitoring, form and network-request interception, Discord-token collection, crypto-wallet and payment-card discovery, geolocation requests, webcam and microphone access, screenshots, local-file access, Chrome exploit stubs targeting CVE-2023-4863, persistence mechanisms, and a ransomware-style overlay demanding Bitcoin.
A more accurate reading? It's an AI-generated blueprint. The model tried to translate familiar capabilities of native stealers and ransomware tools into a web page, but it didn't actually implement all of them. Still, the architecture is there. The intent is clear. And as Check Point demonstrated with DeepSeek V4, the model can produce working code when given the right prompt — even if researchers had to remove some of the more explicit terms like "ransomware" from their requests.
Why This Matters for Defenders
The attack vector is elegant in its simplicity. No native payload. No APK installation. No browser exploit. No root access required. Just social engineering — tricking a user into clicking a malicious button — combined with a legitimate permission prompt from the File System Access API.
This is especially appealing to attackers because it bypasses so many traditional detection mechanisms. Antivirus software looking for executable files? Misses it. Mobile security apps scanning for malicious APKs? Irrelevant. Browser sandboxing that's supposed to contain web content? Designed for a different threat model entirely.
Check Point was able to create a working proof-of-concept for the browser-native attack using DeepSeek V4. The team produced "a web page that asks the user for access to local files, processes them inside the browser, and leaves the user unable to recover the original content." That's ransomware. Pure and simple.
"We expect to see this activity in the short term, if we haven't already," Neto said. And here's what makes it particularly insidious: code obfuscation used in these attacks makes them difficult to spot. There's a real possibility that attacks using this technique are already occurring in the wild but going unnoticed.
Traditional ransomware groups target enterprises and critical infrastructure. This new breed? It's going after individual Android users through their browsers. The attack surface just got a lot bigger, and the barrier to entry just got a lot lower.
What Comes Next
The implications extend far beyond this single sample. Check Point's research demonstrates that the gap between theoretical AI-generated malware and practical, deployable attacks is shrinking fast. What required sophisticated threat actors six months ago now requires a basic LLM prompt and minimal coding knowledge.
The security community needs to rethink how we approach browser-based threats. Current defenses are built around the assumption that web content is contained within a sandbox. But as AI models get better at generating functional code, and as browsers continue to expand their capabilities for legitimate developers, that sandbox becomes less of a barrier and more of an illusion.
For organizations, the takeaway is clear: monitor for unusual browser behavior, especially on mobile devices. For users, be skeptical of web applications asking for file system access — particularly ones disguised as utility tools. And for the industry at large, this is another data point in an increasingly uncomfortable trend: artificial intelligence cybersecurity threats aren't coming. They're here, they're browser-native, and they're getting harder to detect with every passing month.