The Hacker News ·EN News source
AI-Generated Browser Ransomware Abuses Chromium API on Windows and Android
CVE Tools coverage
Researchers report a new ransomware attack chain that was developed with DeepSeek and operates entirely within the browser on Google Chrome and other Chromium-based browsers on Windows and Android, using the File System Access API. The campaign centers on the malware sample InfernoGrabber v9.0 and a Python Flask application, which performs local file enumeration, exfiltration, encryption, and shows a “WinLocker” Bitcoin demand without installing a native payload. VirusTotal also links the code to browser exploitation routines involving CVE-2023-4863, underscoring how AI can turn speculative concepts into practical threats and why permission and browser security boundaries matter.