A Chinese AI model called DeepSeek inadvertently generated code that links a once-theoretical browser risk to a plausible ransomware-style attack on Android phones, according to new research from cybersecurity firm Check Point.
The unsettling part: the scenario doesn’t rely on a traditional software exploit, doesn’t require installing an app, and wouldn’t take an elite hacking crew to pull off. Instead, it leans on a familiar weak point, people clicking “Allow” on a permission prompt they don’t fully understand.
Check Point says the attack chain targets the phone’s photo library through a browser feature known as the File System Access API, using a fake “AI photo enhancer” website to trick users into granting broad access to an entire folder.
Table des matières
Check Point flags 1,383 “dangerous” files tied to DeepSeek output
Check Point Research says its findings come from a dataset attributed to DeepSeek containing nearly 3,000 files. Using VirusTotal scans and static analysis, researchers classified 1,383 of those files as malicious or dangerous.
That volume matters, Check Point argues, because the concern isn’t one sketchy snippet, it’s a large enough pile to spot patterns: repeated offensive techniques, code reuse, and attempts to stitch together workable attack chains.
Within the dataset, researchers found a browser-native technique they say hasn’t been seen in real-world attacks before. The sample, nicknamed “InfernoGrabber 9000”, is described as incomplete but testable, and Check Point says turning it into something operational would take “very little effort.”
Pedro Drimel Neto, who leads Check Point’s malware analysis team, said the barrier to entry is low: “Low-level expertise is sufficient. You don’t need to be a sophisticated cybercriminal or advanced persistent threat group.” The bigger worry is copycats, opportunistic scammers who can replicate a method once it’s circulating.
Check Point also says it has seen signs that malicious actors are already trying to coax similar results from large language models using simple prompts. That doesn’t prove a large-scale campaign is underway, but it points to a shift: AI could make the brainstorming and prototyping phase of cybercrime faster and cheaper.
The target: Android’s DCIM folder, where your photos, and sensitive screenshots, live
The technique centers on the DCIM folder, the default directory where most phones store photos and videos. It’s also where many people unknowingly keep screenshots of sensitive material, passport photos, driver’s licenses, medical paperwork, bank details, and work documents.
The attack path uses the browser’s File System Access API, which allows a website to request access to files or folders after the user explicitly grants permission. In Check Point’s scenario, the website is disguised as an AI-powered photo enhancement tool, exactly the kind of service that sounds plausible when it asks to “access your photos.”
The catch is in the permission screen. According to the researchers, users may think they’re selecting a single image to edit, when they’re actually granting access to an entire directory.
Check Point emphasizes this isn’t “ransomware” in the classic sense of exploiting a software vulnerability that can be patched. It’s a misuse of legitimate functionality paired with social engineering, meaning fixes aren’t as simple as pushing an update. Mitigation may require clearer permission design, stronger browser guardrails, and better user warnings.
Operationally, a ransomware-style attack built on folder access could encrypt, or otherwise lock up, accessible files and then display a ransom demand. Check Point says the sample it observed isn’t fully complete, but testing suggests it could become functional with minimal additional work.
From academic theory to something attackers could actually use
Check Point frames the moment as a leap from “research paper risk” to “realistic playbook.” In 2023, an academic paper presented at USENIX Security, a major, highly respected computer security conference, explored how the File System Access API could theoretically enable ransomware-like scenarios.
Those papers often serve as early warnings, mapping out what could be possible without proving criminals will turn it into a ready-to-run attack chain. Check Point argues DeepSeek changes that equation by combining legitimate platform features into a coherent offensive workflow without direct human step-by-step guidance.
Eli Smadja, who leads research at Check Point, called it a turning point: “What we are witnessing is a fundamental shift in how novel cyber attacks are born.” He said the team believes it has evidence an AI model can “reason across legitimate platform features” to assemble an end-to-end attack concept.
In Check Point’s description, the DeepSeek-attributed sample strings together the key steps: a deceptive interface, a permission request, directory access, and file operations. It’s not a newly discovered “bug,” but a credible chain, often the difference between a scary idea and a scalable scam.
The researchers also say that when they tested the latest version they referenced, DeepSeek V4, the model refused direct requests for ransomware code, but became more cooperative when explicit terms were removed. That highlights a long-running weakness in AI safety controls: keyword-based guardrails can be sidestepped with euphemisms and indirect phrasing.
Check Point says similar tests against other AI models produced refusals or heavily constrained responses, suggesting meaningful differences in safety policies and enforcement, not necessarily a definitive ranking of which model is “most dangerous.”
Why this could hit everyday Android browsing, and supercharge scam economics
If browser-based ransomware-style attacks become common, the biggest risk is how routine the entry point is: a link in a text message, a social media post, a messaging app, or a search result. An attack that doesn’t require downloading an app removes one of the biggest red flags people have learned to watch for.
In this kind of scheme, the permission prompt becomes the make-or-break moment. Scammers already excel at cloning convincing interfaces, and “AI” branding gives them a ready-made excuse to ask for photo access. Expect lures like “AI photo restoration,” “smart album cleanup,” or “enhance old pictures”, all believable reasons to request access to images.
For browser makers, Check Point points to permission design as a pressure point: making it easier to grant access to a single file instead of an entire folder, and making warnings more explicit when a user selects a sensitive directory like DCIM. Behavioral detection could also help, flagging pages that immediately try to enumerate or modify large numbers of files, but those protections have to avoid breaking legitimate tools like file managers and backup services.
For users, the advice is blunt: don’t give full-folder access to a random website, be skeptical of free “AI photo” tools, and read permission prompts carefully. Keeping reliable backups, cloud or local, won’t prevent data exposure, but it can reduce the leverage of extortion if files get locked.
For businesses, the implications run straight into mobile device management: browser policies, restrictions on sensitive APIs, and monitoring. Check Point says it built a functional proof of concept, meaning the building blocks already exist in a reproducible form, and the speed at which criminals adopt it may depend less on technical difficulty than on how widely the technique spreads.
- Google Maps intègre Gemini pour réserver et commander: l’app de navigation vise le rôle de serveur - 9 juillet 2026
- 2 appareils Apple, iPhone 5c + iPad 2, classés obsolètes, réparations limitées en 2026, ce qui change pour vous - 9 juillet 2026
- 3 services publics ciblés, 2 garde-fous strictes, données municipales en 2026, ce que l’IA doit affronter en Acadie - 9 juillet 2026



