AI-Generated Browser Ransomware Abuses Chromium API on Windows and Android

The Hacker News, 01/07/2026, 12:59
Summary

AI-Generated

Key Points:

  • A new AI-generated ransomware, named InfernoGrabber v9.0, exploits the Chromium File System Access API to execute attacks entirely within the browser on Windows and Android devices.
  • The malware can steal sensitive information such as Discord tokens and credit card numbers, encrypt files, and display a ransom note without requiring traditional installation or elevated privileges.
  • Organizations are advised to enhance security measures by hardening delivery layers, re-evaluating permission-based trust, and treating browser prompts as critical security decisions.

Technical Details: The ransomware utilizes CVE-2023-4863 for browser exploitation and operates as a Python Flask application that functions as a malicious web server. It employs phishing tactics to gain file system access for data exfiltration.

MITRE ATT&CK Techniques:

  • T1071.001 - Application Layer Protocol: Web Protocols (Command and Control)
  • T1203 - Exploit Public-Facing Application (Initial Access)
  • T1040 - Network Sniffing (Credential Access)

IOCs Mentioned:

  • Filename: deepseek_python_20260125_da0631.py
  • Malware Name: InfernoGrabber v9.0
  • CVE ID: CVE-2023-4863
