• DeepSeek accidentally built a working ransomware strain, experts

    From TechnologyDaily@1337:1/100 to All on Wednesday, July 08, 2026 02:30:22
    DeepSeek accidentally built a working ransomware strain, experts note, 'What we are witnessing is a fundamental shift in how novel cyber attacks are born'

    Date:
    Wed, 08 Jul 2026 01:20:00 +0000

    Description:
    DeepSeek accidentally created a working browser ransomware technique
    targeting Android photos, Check Point Research found, without human guidance involved.

    FULL STORY ======================================================================Copy link Facebook X Whatsapp Reddit Pinterest Flipboard Threads Email Share this article 0 Join the conversation Follow us Add us as a preferred source on Google Newsletter Subscribe to our newsletter DeepSeek connected a
    theoretical browser flaw to a working attack chain The ransomware sample targets Android's photo folder through a fake permission prompt Check Point classified 1,383 DeepSeek-linked files as malicious or dangerous A Chinese AI model accidentally stumbled into a working ransomware technique while trying to satisfy an unrealistic, broad prompt.

    New findings from Check Point Research say the DeepSeek-generated sample connected a theoretical browser risk to a functioning attack method,
    requiring no exploit, no app installation, and no real technical skill from the attacker. It targets Android's photo storage through a legitimate browser feature called the File System Access API, disguised as a simple AI photo-enhancing tool. Latest Videos From Watch full video here: How the
    attack actually works The technique abuses Android's DCIM folder, which typically holds years of personal photos, scanned identification documents, and banking screenshots.

    Victims grant access through a single permission prompt disguised as an AI-powered photo enhancer, unaware they are handing over control of an entire directory. You may like Experts warn that free image editor tool could actually be dangerous malware Hackers used AI to discover and weaponize a zero-day for the first time Microsoft warns AI chatbots may be sending
    victims to malicious websites

    Check Point's dataset included nearly 3,000 files attributed to DeepSeek, and researchers classified 1,383 of them as malicious or dangerous using VirusTotal and static analysis methods.

    The team found a sample implementing a dangerous browser-native technique which has never been observed before in real-world attacks. Are you a pro? Subscribe to our newsletter Sign up to the TechRadar Pro newsletter to get
    all the top news, opinion, features and guidance your business needs to succeed! Contact me with news and offers from other Future brands Receive email from us on behalf of our trusted partners or sponsors By submitting
    your information you agree to the Terms & Conditions and Privacy Policy and are aged 16 or over.

    The sample, nicknamed InfernoGrabber 9000, was incomplete, yet testing showed it required little additional effort to become fully functional.

    Very little effort is needed. Low-level expertise is sufficient. You don't need to be a sophisticated cybercriminal or advanced persistent threat group, said Pedro Drimel Neto, malware analysis team leader at Check Point

    In fact, we've already observed evidence of actual threat actors attempting this attack using straightforward LLM prompts. What to read next Experts warn this "broken" ransomware is now acting as a data wiper Sophos report warns
    new "WantToCry" ransomware could pose a major risk Weak safeguards leave thousands of AI agents open to attack Why this marks a turning point "What we are witnessing is a fundamental shift in how novel cyber attacks are born.
    For the first time, we have evidence that an AI model can independently
    reason across legitimate platform features," said Eli Smadja, Head of
    Research at Check Point

    This represents a major shift in how novel cyber-attacks are discovered and developed.

    However, the underlying browser risk is not entirely new. A 2023 USENIX Security paper examined how the File System Access API could theoretically enable ransomware .

    What changed, according to Check Point, is that DeepSeek connected these previously theoretical ideas into a realistic, working attack chain without human guidance.

    When researchers tested the same concept using the latest DeepSeek V4 model, it refused direct ransomware requests but complied once explicit terms were removed.

    Comparable testing against other LLMs produced only refusals or heavily constrained, browser-safe implementations lacking the same file-access capability.

    Check Point ultimately built a working proof of concept, successfully encrypting photos on Android devices running Chrome 148, confirming the
    danger extends well beyond a single flawed sample.

    Organizations embedding AI into their workflows must now treat every browser permission prompt as a genuine security decision rather than a routine click. Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds.



    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/deepseek-accidentally-built-a-working-r ansomware-strain-experts-note-what-we-are-witnessing-is-a-fundamental-shift-in -how-novel-cyber-attacks-are-born


    --- Mystic BBS v1.12 A49 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)