How the Attack Works
Security researchers have uncovered a new ransomware technique that operates entirely within a web browser, requiring no app installation or root access on Android devices. The attack abuses Chrome’s File System Access API, a legitimate feature designed for tools like online photo editors. When a user visits a malicious webpage disguised as an AI-powered photo upscaler, the site requests permission to read and write files in a selected folder. If the user grants this access, the page can silently encrypt image files in the background during what appears to be normal photo processing.
The technique was first identified in code generated by an artificial intelligence model, specifically DeepSeek V4. The AI produced a sample called InfernoGrabber, which masqueraded as a Discord-themed avatar upscaler but was actually designed to steal and lock personal files. Check Point researchers reported that while the original AI-generated code was messy, one functional piece allowed folder access and file tampering. The researchers built a proof of concept to confirm the risk is real.
Impact and Scope
During testing on Android devices running Chrome 148, researchers found that the default Pictures and Videos folders, including the DCIM directory, were not restricted. This means attackers could encrypt identity documents, banking screenshots, and personal photos. The ransom note demands payment in Bitcoin and threatens to leak stolen data. Although this exact technique has not been observed in real attacks, the demonstration shows a low barrier to entry for malicious actors.
The risk lies in how permissions are granted rather than in a patchable software flaw. Users should be cautious about granting folder access to unfamiliar tools, use temporary folders for testing, maintain regular backups, and keep Chrome and Android updated. This case highlights how AI can transform a theoretical browser risk into a working attack method.
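Because the attack rewrites image files in place, a synced or backed-up copy of the photo folder can be checked for files whose content no longer matches their extension. The Python sketch below is an added example, not code from Check Point or from the original report; the function names, the entropy threshold and the constructed sample folder are assumptions made for illustration.

```python
import hashlib
import math
import tempfile
from pathlib import Path

# Leading signatures for common image types (extension -> accepted magic bytes).
MAGIC = {
    ".jpg": (b"\xff\xd8\xff",), ".jpeg": (b"\xff\xd8\xff",),
    ".png": (b"\x89PNG\r\n\x1a\n",), ".gif": (b"GIF87a", b"GIF89a"),
}

def shannon_entropy(data: bytes) -> float:
    """Bits per byte; close to 8.0 for ciphertext or other random-looking data."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    return -sum(c / len(data) * math.log2(c / len(data)) for c in counts if c)

def scan_folder(root, sample_size=65536, threshold=7.5):
    """Return [(relative_path, verdict)] for image files with a wrong header.
    Compressed images are high-entropy too, so entropy only grades the finding."""
    findings = []
    for path in sorted(Path(root).rglob("*")):
        sigs = MAGIC.get(path.suffix.lower())
        if sigs is None or not path.is_file():
            continue
        with path.open("rb") as fh:
            head = fh.read(sample_size)
        if head.startswith(sigs):
            continue  # header still matches the extension
        verdict = "encrypted-like" if shannon_entropy(head) >= threshold else "wrong-header"
        findings.append((path.relative_to(root).as_posix(), verdict))
    return findings

def build_demo_folder(root):
    """Constructed sample data: intact JPEG-like file, random-looking file, renamed text."""
    dcim = Path(root) / "DCIM" / "Camera"
    dcim.mkdir(parents=True)
    noise = b"".join(hashlib.sha256(i.to_bytes(4, "big")).digest() for i in range(128))
    (dcim / "IMG_0001.jpg").write_bytes(b"\xff\xd8\xff\xe0" + noise)  # intact header
    (dcim / "IMG_0002.jpg").write_bytes(noise)  # stand-in for an encrypted photo
    (dcim / "notes.png").write_bytes(b"not an image\n" * 50)  # mislabeled, low entropy

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_demo_folder(tmp)
        for name, verdict in scan_folder(tmp):
            print(f"{verdict:15} {name}")
```

A sudden rise in "encrypted-like" findings between two backup runs is the signal to stop syncing and restore from the older copy. Very small files cannot reach the entropy threshold and will be reported as "wrong-header" instead.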
Source: Cyber Security News
