Cybersecurity researchers have identified a novel malware artifact generated using DeepSeek that exploits Chromium's browser capabilities to create a working ransomware technique running entirely inside the browser on Windows and Android devices. The attack combines what researchers describe as 'unrealistic browser-malware concepts with a real browser capability', marking the first documented case where a frontier AI model constructed such an attack path.

The threat represents a significant escalation in AI-assisted cyberattacks, as it leverages legitimate browser APIs to encrypt files without requiring traditional executable payloads. By operating within the browser's sandbox, the ransomware evades conventional security tools that monitor for file system or registry changes, complicating detection and response efforts.

Technical analysis reveals the malware abuses Chromium's API to load malicious JavaScript, which then encrypts files stored locally and in browser-accessible cloud storage. The attack vector begins with a phishing link prompting users to visit a weaponized page, where the ransomware executes directly in the browser session. Indicators of compromise include unusual file extension changes and unexpected browser permission requests.

No official patches have been announced, but researchers recommend users disable JavaScript on untrusted websites, enforce browser extension whitelists, and apply the latest Chromium security updates. Microsoft and Google have not yet commented on the discovery, though endpoint detection systems may require updates to flag anomalous browser API usage.
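One way to check a managed Chromium policy against the two configuration recommendations above (JavaScript blocked by default, extensions limited to an allowlist), as an added example that is not from the researchers. The keys are Chrome enterprise policy names; the sample policies, the intranet URL and the extension ID are constructed.

```python
import json
import re

# Constructed sample policies in Chrome's managed-policy JSON form (not from the article).
WEAK_POLICY = json.loads("""{
  "DefaultJavaScriptSetting": 1,
  "ExtensionInstallAllowlist": ["aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"]
}""")
HARDENED_POLICY = json.loads("""{
  "DefaultJavaScriptSetting": 2,
  "JavaScriptAllowedForUrls": ["https://intranet.example.com"],
  "ExtensionInstallBlocklist": ["*"],
  "ExtensionInstallAllowlist": ["aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"]
}""")

EXTENSION_ID = re.compile(r"[a-p]{32}")  # Chromium extension IDs: 32 letters a-p


def audit_policy(policy):
    """Return findings; an empty list means both recommendations are enforced."""
    findings = []
    # DefaultJavaScriptSetting: 2 blocks scripts by default, 1 (or unset) allows them.
    if policy.get("DefaultJavaScriptSetting") != 2:
        findings.append("JavaScript is not blocked by default")
    # A catch-all exception undoes the default block.
    if "*" in policy.get("JavaScriptAllowedForUrls", []):
        findings.append("JavaScriptAllowedForUrls contains a catch-all pattern")
    # The allowlist only restricts installs when everything else is blocklisted.
    if "*" not in policy.get("ExtensionInstallBlocklist", []):
        findings.append("ExtensionInstallBlocklist lacks '*'; allowlist is not enforced")
    for ext_id in policy.get("ExtensionInstallAllowlist", []):
        if not EXTENSION_ID.fullmatch(ext_id):
            findings.append(f"malformed extension ID in allowlist: {ext_id!r}")
    return findings


if __name__ == "__main__":
    for name, policy in (("weak", WEAK_POLICY), ("hardened", HARDENED_POLICY)):
        print(name, audit_policy(policy) or "OK")
```
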

Attribution remains unclear, but the use of DeepSeek—a Chinese-developed AI model—highlights the growing risk of frontier AI tools being repurposed for cybercrime, even as AI companies implement guardrails. This case underscores the urgent need for cross-platform browser security enhancements.