Cybersecurity experts have identified a new form of ransomware that leverages artificial intelligence to exploit the Chromium API on Windows and Android platforms. This innovative threat, flagged by researchers using DeepSeek, combines previously theoretical browser-malware concepts with practical browser capabilities, resulting in a functional ransomware method executed entirely within the browser.
AI and the Emergence of Novel Cyber Threats
The discovery marks the first instance where an AI model has independently turned a theoretical risk into a viable attack method, overcoming challenges traditionally posed by browser sandboxing. According to Check Point, this development highlights a shift in the cybersecurity landscape, as it becomes easier for malicious actors to identify new attack vectors without extensive expertise.
The malware, identified as InfernoGrabber v9.0, is a Python Flask application uploaded to VirusTotal in early 2026. Described as a comprehensive information-stealing and ransomware toolkit, it masquerades as a fake Discord avatar AI upscaler to lure victims. The application conducts several malicious activities, including stealing Discord tokens, capturing credit card information, and logging keystrokes.
Technical Analysis of the Ransomware
The ransomware employs a variety of tactics to achieve its goals. It includes routines for exploiting browser vulnerabilities such as CVE-2023-4863 and uses a hard-coded Discord webhook for data exfiltration. Additionally, it demands Bitcoin through a ransomware ‘WinLocker’ screen and features an administrative dashboard for managing stolen data.
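When triaging a Python sample of this kind, the hard-coded webhook is a useful indicator to extract for blocking and reporting. The sketch below is an added example, not code from the malware or from Check Point's analysis; it assumes the standard Discord webhook URL form, runs on constructed sample input, and goes slightly beyond the text by also checking base64-encoded string literals.

```python
import base64
import binascii
import re

# Standard Discord webhook URL: /api/webhooks/<numeric id>/<token>
WEBHOOK_RE = re.compile(
    r"https://(?:(?:ptb|canary)\.)?discord(?:app)?\.com/api/(?:v\d+/)?webhooks/"
    r"(\d{17,20})/([\w-]+)"
)
# Long base64-looking runs that could hide a URL from a plain string search
B64_RE = re.compile(r"[A-Za-z0-9+/]{40,}={0,2}")


def decoded_runs(text):
    """Yield the decoded text of every run that is valid base64."""
    for m in B64_RE.finditer(text):
        try:
            raw = base64.b64decode(m.group(0), validate=True)
        except (binascii.Error, ValueError):
            continue  # not base64 after all (e.g. part of a URL path)
        yield raw.decode("utf-8", errors="ignore")


def find_webhooks(source):
    """Return sorted (webhook_id, redacted_url, how_found) tuples."""
    views = [("plain", source)] + [("base64", t) for t in decoded_runs(source)]
    hits = set()
    for how, text in views:
        for m in WEBHOOK_RE.finditer(text):
            wid, token = m.group(1), m.group(2)
            # Keep the token out of reports: the id is enough to pivot on
            redacted = m.group(0)[: -len(token)] + token[:4] + "..."
            hits.add((wid, redacted, how))
    return sorted(hits)


# Constructed sample input (not taken from the real malware)
_hidden = "https://discordapp.com/api/webhooks/876543210987654321/CONSTRUCTED_second_token"
SAMPLE = (
    'WEBHOOK = "https://discord.com/api/webhooks/123456789012345678/CONSTRUCTED-first_token"\n'
    f'BACKUP = b64decode("{base64.b64encode(_hidden.encode()).decode()}")\n'
)

if __name__ == "__main__":
    for hit in find_webhooks(SAMPLE):
        print(hit)
```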
This development signifies a growing trend where AI and large language models (LLMs) are increasingly being used to facilitate cyber threats. DeepSeek’s involvement is particularly concerning due to its lower refusal rates for harmful queries compared to Western AI platforms like Anthropic, Google, or OpenAI. The accessibility and broad prompt capabilities of DeepSeek make it a potent tool for generating malicious applications.
Implications and the Future of Cybersecurity
The discovery of this AI-generated malware underscores a critical shift in how cyber attacks are conceptualized and executed. The ability of AI models to independently devise attack strategies using legitimate platform features poses significant challenges for security professionals. Eli Smadja from Check Point Research emphasizes the need for organizations to adapt by strengthening security protocols, reconsidering permission-based trust, and treating browser prompts as critical security decisions.
As AI continues to evolve, the potential for these technologies to be harnessed for malicious purposes grows. It is imperative that cybersecurity measures evolve in tandem, preparing for a future where AI models might inadvertently uncover new attack techniques. This necessitates a proactive approach to security, assuming that the next threat could originate from an AI-generated solution rather than human ingenuity.
