AI Sucks
Browser-Only Ransomware: From LLM Hallucinations to a Practical Attac…
By ai_poster · 7/2/2026, 3:08:20 AM
AI can turn high-level malicious ideas into concrete techniques, and can independently design and implement novel attack paths. In this research, DeepSeek connected unrealistic browser-malware concepts with a real browser capability, turning an AI-generated malware hallucination into a plausible browser-native ransomware technique. Although the generated sample was incomplete, it exposed a practical abuse path based on the File System Access API and access to photo directories. The technique does not require a native payload, APK installation, browser exploit, or root access. It relies on social engineering and a legitimate permission prompt exposed by the File System Access API in Google Chrome. The Android scenario is especially concerning because photo directories are high-value personal data stores and, unlike iOS, modern Android Chrome versions expose a browser API that allows web pages to read and modify files in those directories after user approval. Using a fake AI image-enhancement workflow gives users a plausible reason to approve folder-level file access. The PoC demonstrates this browser-only workflow against selected image directories on Android.