A New Class of Browser-Based Ransomware
Cybersecurity researchers have flagged a novel and alarming malware artifact: a browser-native ransomware generated using the DeepSeek AI model that encrypts user files entirely through the browser, without deploying a traditional executable to disk. The attack abuses the Chromium File System Access API — a legitimate browser capability — to achieve file encryption across Windows, Linux, macOS, and Android.
The discovery highlights the accelerating threat of AI-assisted malware development and the emerging risk surface created by powerful browser APIs that were designed for productivity but can be weaponized for destructive purposes.
How It Works
The Chromium File System Access API
The File System Access API is a legitimate Web platform feature implemented in Chromium-based browsers (Chrome, Edge, Brave, Opera, and others). It allows web applications to read and write files on the user's local filesystem — with user consent — enabling browser-based IDEs, photo editors, and productivity apps to work with local files.
The attack weaponizes this capability:
1. User visits malicious/compromised web page
2. Page requests filesystem access via showOpenFilePicker() or showDirectoryPicker()
→ Browser shows a native "Open" dialog (looks legitimate)
3. User grants access (social engineering: "Allow to continue")
4. JavaScript running in the page iterates through granted directory
5. Files are read, encrypted with attacker-controlled key, and written back
(using FileSystemWritableFileStream)
6. Ransom note dropped as .txt file in each directory
7. Decryption key only available upon ransom payment
The critical insight is that no executable is ever written to disk. The attack runs entirely as JavaScript in the browser process — making it resistant to many traditional endpoint detection approaches that focus on monitoring process creation and file writes from native executables.
AI-Assisted Generation
The malware artifact was analyzed and found to contain unmistakable signs of AI-generated code. Researchers attribute the generation to DeepSeek, noting:
- The code demonstrates "unrealistic browser-malware concepts" (things security researchers typically dismiss as theoretical) combined with real, exploitable browser capabilities
- The AI synthesized knowledge from security research papers, bug bounty writeups, and browser API documentation to construct a novel attack path
- Code structure and commenting patterns are consistent with LLM output
This is not the first AI-generated malware (VoidLink, analyzed earlier this year, is a more complex example) but it represents a significant lowering of the bar: a working ransomware technique generated from a conversational AI prompt.
Cross-Platform Impact
Because the attack runs inside Chromium — which is available on every major desktop and mobile platform — the same malicious page works against:
| Platform | Browser Engine | File Access |
|---|---|---|
| Windows 10/11 | Chromium | Full filesystem via File System Access API |
| macOS | Chromium | User-accessible files and directories |
| Linux | Chromium | Any path user grants access to |
| Android | Chrome/Chromium | Scoped access to downloads, documents |
iOS is notably not affected — Apple's WebKit engine (required for all iOS browsers) does not implement the File System Access API in a way that permits write access to the local filesystem.
Why This Matters
The "No Executable" Problem
Traditional ransomware drops a native binary (ransomware.exe, locker.elf, etc.) that endpoint detection and response (EDR) tools monitor for:
- Process creation from unusual parent processes
- Rapid file modification patterns (mass rename to
.encrypted) - Known ransomware signatures
Browser-native ransomware sidesteps all of these:
- No new process — writes happen via the browser's existing
chrome.exe/chromdprocess - No binary on disk — JavaScript in browser memory
- No signature match — the "payload" is dynamic JavaScript, not a static binary
- Legitimate API — the File System Access API is used by thousands of legitimate web apps
The AI Amplification Effect
The DeepSeek-generated nature of this artifact is significant for two reasons:
- Speed — what might take a skilled developer days to prototype was generated in minutes
- Creativity — AI systems can synthesize attack paths across disparate domains (browser security research + ransomware techniques) that human developers might not connect
Security researchers have long warned that AI would lower the barrier to sophisticated malware development. This finding provides concrete evidence.
Detection
Detecting this attack is challenging but not impossible:
Browser-Side Signals
- Unexpected directory picker dialogs on unfamiliar websites — legitimate sites rarely request broad filesystem access
- Slow browser performance during an apparent hang or spinner — could indicate mass file I/O in progress
- Files renamed or their content changed after a browser session
Endpoint Detection
Monitor for:
- chrome.exe / msedge.exe making large numbers of file write operations
- Files being modified in bulk by browser processes
- New .txt files appearing in directories alongside modified files
(ransomware note pattern)
EDR query example (Elastic/EQL):
file where process.name : ("chrome.exe", "msedge.exe", "chromium.exe")
and event.action : "overwrite"
and file.extension : ("docx", "xlsx", "pdf", "jpg", "png")
and count > 50 within 60s
Network Detection
The encryption key must be transmitted to the attacker's server. Monitor for:
- Browser processes making outbound HTTPS connections to newly registered or low-reputation domains
- WebSocket connections from browser to unknown endpoints established immediately after filesystem access is granted
Mitigation
For End Users
- Be extremely cautious when any website requests access to your files or directories via a browser dialog — legitimate sites have specific, obvious reasons for this
- Keep browsers updated — browser vendors can and do add security controls to APIs like File System Access
- Use browser extensions with content blocking to restrict which sites can invoke filesystem APIs
- Maintain offline backups — the only reliable defense against any ransomware is a backup that cannot be reached by the attacker (or browser)
For Administrators and Security Teams
Chrome Group Policy / Enterprise Controls:
- DefaultFileSystemReadGuardSetting: Block filesystem read access by default
- DefaultFileSystemWriteGuardSetting: Block filesystem write access by default
- FileSystemReadAskForUrls: Allow list (only trusted internal apps)
- FileSystemWriteAskForUrls: Allow list (only trusted internal apps)
Configure these via Chrome Enterprise or Intune for managed devices to prevent untrusted sites from invoking File System Access APIs.
Browser Vendor Response
This disclosure is expected to prompt review by Google's Chrome security team. The File System Access API already requires explicit user gesture and permission grant, but the research demonstrates that social engineering can trivially obtain that consent. Additional friction or user education within the browser permission dialog may follow.
The Broader AI-Malware Trend
This finding arrives alongside a growing body of evidence that AI is meaningfully accelerating malware development:
- VoidLink (early 2026): 88,000-line Zig-based cloud malware framework with AI-assisted development
- GhostWriter campaigns: AI-polished phishing lures with near-zero typos and culturally appropriate context
- DeepSeek browser ransomware (this finding): novel attack path combining browser API research with ransomware concepts
The security community's defensive response must accelerate at the same pace. AI-assisted threat detection, behavioral analysis rather than signature matching, and zero-trust access controls for browser capabilities are all areas where investment is increasingly urgent.