A cyber threat has emerged that exploits the Chrome File System Access API to run ransomware directly in a web browser, targeting Android photo libraries. This innovative attack does not require any app installation or device rooting, making it a notable concern for Android users.
Exploiting Chrome’s Capabilities
The ransomware initiates when users visit a webpage claiming to enhance photos. This process leverages the Chrome File System Access API, which allows websites to read and write files with user consent. Attackers mask their intentions by presenting a seemingly benign photo enhancement tool, tricking users into granting access to their photo directories.
Once permission is granted, the website can encrypt images stored on the device. This technique first materialized in code created by an AI model, turning a hypothetical idea into a viable attack strategy. Check Point Research discovered this method while analyzing files associated with the AI model DeepSeek.
Understanding the Ransomware’s Mechanism
Identified as InfernoGrabber, the ransomware masquerades as a Discord-themed avatar upscaler. Its primary function is to deceive users into permitting folder access, allowing it to encrypt personal files. The researchers confirmed the threat’s practicality by developing a proof of concept based on the AI-generated code.
The File System Access API, intended for legitimate applications like photo editors, permits web pages to request access to specific folders on a device. Once access is approved, the webpage can manipulate the files directly within that folder. This feature has been available in desktop Chrome since version 86 and was introduced to Android in Chrome 132.
Preventive Measures and Future Outlook
Researchers tested this technique on Android devices using Chrome version 148, finding no restrictions on accessing default photo directories. This discovery underscores the importance of cautious permission granting, especially when dealing with unfamiliar applications.
While the specific attack method has not yet been observed in the wild, its low entry barrier poses a significant risk. Users are advised to scrutinize permissions requested by web applications and to use temporary folders for testing unfamiliar tools. Relying on established apps and trusted cloud services for photo storage can mitigate potential damage.
Regular data backups and keeping devices updated are crucial preventative steps. This case highlights the potential for AI to transform theoretical browser vulnerabilities into tangible threats, emphasizing the need for ongoing vigilance in cybersecurity practices.
