Skip to content
  • Home
  • Cyber Map
  • About Us – Contact
  • Disclaimer
  • Terms and Rules
  • Privacy Policy
Cyber Web Spider Blog – News

Cyber Web Spider Blog – News

Globe Threat Map provides a real-time, interactive 3D visualization of global cyber threats. Monitor DDoS attacks, malware, and hacking attempts with geo-located arcs on a rotating globe. Stay informed with live logs and archive stats.

  • Home
  • Cyber Map
  • Cyber Security News
  • Security Week News
  • The Hacker News
  • How To?
  • Toggle search form
New Browser-Based Ransomware Targets Android Photos

New Browser-Based Ransomware Targets Android Photos

Posted on July 2, 2026 By CWS

A cyber threat has emerged that exploits the Chrome File System Access API to run ransomware directly in a web browser, targeting Android photo libraries. This innovative attack does not require any app installation or device rooting, making it a notable concern for Android users.

Exploiting Chrome’s Capabilities

The ransomware initiates when users visit a webpage claiming to enhance photos. This process leverages the Chrome File System Access API, which allows websites to read and write files with user consent. Attackers mask their intentions by presenting a seemingly benign photo enhancement tool, tricking users into granting access to their photo directories.

Once permission is granted, the website can encrypt images stored on the device. This technique first materialized in code created by an AI model, turning a hypothetical idea into a viable attack strategy. Check Point Research discovered this method while analyzing files associated with the AI model DeepSeek.

Understanding the Ransomware’s Mechanism

Identified as InfernoGrabber, the ransomware masquerades as a Discord-themed avatar upscaler. Its primary function is to deceive users into permitting folder access, allowing it to encrypt personal files. The researchers confirmed the threat’s practicality by developing a proof of concept based on the AI-generated code.

The File System Access API, intended for legitimate applications like photo editors, permits web pages to request access to specific folders on a device. Once access is approved, the webpage can manipulate the files directly within that folder. This feature has been available in desktop Chrome since version 86 and was introduced to Android in Chrome 132.

Preventive Measures and Future Outlook

Researchers tested this technique on Android devices using Chrome version 148, finding no restrictions on accessing default photo directories. This discovery underscores the importance of cautious permission granting, especially when dealing with unfamiliar applications.

While the specific attack method has not yet been observed in the wild, its low entry barrier poses a significant risk. Users are advised to scrutinize permissions requested by web applications and to use temporary folders for testing unfamiliar tools. Relying on established apps and trusted cloud services for photo storage can mitigate potential damage.

Regular data backups and keeping devices updated are crucial preventative steps. This case highlights the potential for AI to transform theoretical browser vulnerabilities into tangible threats, emphasizing the need for ongoing vigilance in cybersecurity practices.

Cyber Security News Tags:Android, artificial intelligence, browser security, Chrome API, Cybersecurity, DeepSeek, File System Access API, InfernoGrabber, photo encryption, Ransomware

Post navigation

Previous Post: AI-Driven Ransomware Attack Exploits Langflow Vulnerability
Next Post: FortiBleed Credential Theft Ties Ransomware to INC and Lynx

Related Posts

Key Administrator of World’s Most Popular Dark Web Cybercrime Platform Arrested Key Administrator of World’s Most Popular Dark Web Cybercrime Platform Arrested Cyber Security News
Critical OpenClaw Vulnerability Allows AI Agent Hijacking Critical OpenClaw Vulnerability Allows AI Agent Hijacking Cyber Security News
Critical Flaw in ManageEngine AD360 Risks User Data Critical Flaw in ManageEngine AD360 Risks User Data Cyber Security News
Claude Mythos Preview Detects 10,000+ Zero-Day Threats Claude Mythos Preview Detects 10,000+ Zero-Day Threats Cyber Security News
Akira Ransomware Targets Over 250 Organizations, Extracts  Million in Ransom Payments – New CISA Report Akira Ransomware Targets Over 250 Organizations, Extracts $42 Million in Ransom Payments – New CISA Report Cyber Security News
Critical LiteSpeed cPanel Vulnerability Added to CISA List Critical LiteSpeed cPanel Vulnerability Added to CISA List Cyber Security News

Categories

  • Cyber Security News
  • How To?
  • Security Week News
  • The Hacker News

Recent Posts

  • Trump Lifts Ban on Anthropic AI Models Amid Security Concerns
  • FortiBleed Credential Theft Ties Ransomware to INC and Lynx
  • New Browser-Based Ransomware Targets Android Photos
  • AI-Driven Ransomware Attack Exploits Langflow Vulnerability
  • CISA Alerts on Critical SharePoint Vulnerability

Pages

  • About Us – Contact
  • Disclaimer
  • Privacy Policy
  • Terms and Rules

Archives

  • July 2026
  • June 2026
  • May 2026
  • April 2026
  • March 2026
  • February 2026
  • January 2026
  • December 2025
  • November 2025
  • October 2025
  • September 2025
  • August 2025
  • July 2025
  • June 2025
  • May 2025

Recent Posts

  • Trump Lifts Ban on Anthropic AI Models Amid Security Concerns
  • FortiBleed Credential Theft Ties Ransomware to INC and Lynx
  • New Browser-Based Ransomware Targets Android Photos
  • AI-Driven Ransomware Attack Exploits Langflow Vulnerability
  • CISA Alerts on Critical SharePoint Vulnerability

Pages

  • About Us – Contact
  • Disclaimer
  • Privacy Policy
  • Terms and Rules

Categories

  • Cyber Security News
  • How To?
  • Security Week News
  • The Hacker News

Copyright © 2026 Cyber Web Spider Blog – News.

Powered by PressBook Masonry Dark