Skip to content
  • Home
  • Cyber Map
  • About Us – Contact
  • Disclaimer
  • Terms and Rules
  • Privacy Policy
Cyber Web Spider Blog – News

Cyber Web Spider Blog – News

Globe Threat Map provides a real-time, interactive 3D visualization of global cyber threats. Monitor DDoS attacks, malware, and hacking attempts with geo-located arcs on a rotating globe. Stay informed with live logs and archive stats.

  • Home
  • Cyber Map
  • Cyber Security News
  • Security Week News
  • The Hacker News
  • How To?
  • Toggle search form
New Browser-Based Ransomware Targets Android Photos

New Browser-Based Ransomware Targets Android Photos

Posted on July 2, 2026 By CWS

A cyber threat has emerged that exploits the Chrome File System Access API to run ransomware directly in a web browser, targeting Android photo libraries. This innovative attack does not require any app installation or device rooting, making it a notable concern for Android users.

Exploiting Chrome’s Capabilities

The ransomware initiates when users visit a webpage claiming to enhance photos. This process leverages the Chrome File System Access API, which allows websites to read and write files with user consent. Attackers mask their intentions by presenting a seemingly benign photo enhancement tool, tricking users into granting access to their photo directories.

Once permission is granted, the website can encrypt images stored on the device. This technique first materialized in code created by an AI model, turning a hypothetical idea into a viable attack strategy. Check Point Research discovered this method while analyzing files associated with the AI model DeepSeek.

Understanding the Ransomware’s Mechanism

Identified as InfernoGrabber, the ransomware masquerades as a Discord-themed avatar upscaler. Its primary function is to deceive users into permitting folder access, allowing it to encrypt personal files. The researchers confirmed the threat’s practicality by developing a proof of concept based on the AI-generated code.

The File System Access API, intended for legitimate applications like photo editors, permits web pages to request access to specific folders on a device. Once access is approved, the webpage can manipulate the files directly within that folder. This feature has been available in desktop Chrome since version 86 and was introduced to Android in Chrome 132.

Preventive Measures and Future Outlook

Researchers tested this technique on Android devices using Chrome version 148, finding no restrictions on accessing default photo directories. This discovery underscores the importance of cautious permission granting, especially when dealing with unfamiliar applications.

While the specific attack method has not yet been observed in the wild, its low entry barrier poses a significant risk. Users are advised to scrutinize permissions requested by web applications and to use temporary folders for testing unfamiliar tools. Relying on established apps and trusted cloud services for photo storage can mitigate potential damage.

Regular data backups and keeping devices updated are crucial preventative steps. This case highlights the potential for AI to transform theoretical browser vulnerabilities into tangible threats, emphasizing the need for ongoing vigilance in cybersecurity practices.

Cyber Security News Tags:Android, artificial intelligence, browser security, Chrome API, Cybersecurity, DeepSeek, File System Access API, InfernoGrabber, photo encryption, Ransomware

Post navigation

Previous Post: AI-Driven Ransomware Attack Exploits Langflow Vulnerability
Next Post: FortiBleed Credential Theft Ties Ransomware to INC and Lynx

Related Posts

ChatGPT Agent Bypasses Cloudflare “I am not a robot” Verification Checks ChatGPT Agent Bypasses Cloudflare “I am not a robot” Verification Checks Cyber Security News
Chrome Type Confusion Zero-Day Vulnerability Actively Exploited in the Wild Chrome Type Confusion Zero-Day Vulnerability Actively Exploited in the Wild Cyber Security News
Fake Microsoft Teams Downloads Deliver ValleyRAT Malware Fake Microsoft Teams Downloads Deliver ValleyRAT Malware Cyber Security News
Critical Apache Tika PDF Parser Vulnerability Allow Attackers to Access Sensitive Data Critical Apache Tika PDF Parser Vulnerability Allow Attackers to Access Sensitive Data Cyber Security News
15,200 OpenClaw Systems at Risk Due to Internet Exposure 15,200 OpenClaw Systems at Risk Due to Internet Exposure Cyber Security News
CISA Warns of Hackers Actively Exploiting Windows Server Update Services RCE Vulnerability in the Wild CISA Warns of Hackers Actively Exploiting Windows Server Update Services RCE Vulnerability in the Wild Cyber Security News

Categories

  • Cyber Security News
  • How To?
  • Security Week News
  • The Hacker News

Recent Posts

  • Cisco Addresses Active Exploitation of Unified CM Flaw
  • JetBrains Security Flaws Risk Code Execution and Account Breach
  • Trump Lifts Ban on Anthropic AI Models Amid Security Concerns
  • FortiBleed Credential Theft Ties Ransomware to INC and Lynx
  • New Browser-Based Ransomware Targets Android Photos

Pages

  • About Us – Contact
  • Disclaimer
  • Privacy Policy
  • Terms and Rules

Archives

  • July 2026
  • June 2026
  • May 2026
  • April 2026
  • March 2026
  • February 2026
  • January 2026
  • December 2025
  • November 2025
  • October 2025
  • September 2025
  • August 2025
  • July 2025
  • June 2025
  • May 2025

Recent Posts

  • Cisco Addresses Active Exploitation of Unified CM Flaw
  • JetBrains Security Flaws Risk Code Execution and Account Breach
  • Trump Lifts Ban on Anthropic AI Models Amid Security Concerns
  • FortiBleed Credential Theft Ties Ransomware to INC and Lynx
  • New Browser-Based Ransomware Targets Android Photos

Pages

  • About Us – Contact
  • Disclaimer
  • Privacy Policy
  • Terms and Rules

Categories

  • Cyber Security News
  • How To?
  • Security Week News
  • The Hacker News

Copyright © 2026 Cyber Web Spider Blog – News.

Powered by PressBook Masonry Dark