DeepSeek Independently Discovers a Working Browser-Only Ransomware Technique

Security researchers at Check Point say they have documented the first known case of a frontier AI model independently bridging the gap between a purely theoretical attack concept and a working, practical malware technique. Using DeepSeek, researchers generated a malware artifact that combined what had been dismissed as an unrealistic browser-malware concept with a real, existing browser capability, turning it into a functional ransomware technique that runs entirely inside the browser on both Windows and Android devices, without ever touching the underlying operating system.

Why This Discovery Matters More Than a Single Malware Sample

Browser-only ransomware has long been discussed within security research circles as a theoretical possibility, but one widely dismissed as impractical given the sandboxing restrictions modern browsers impose specifically to prevent web content from accessing or encrypting files on a user’s actual system. Check Point’s finding is significant precisely because it demonstrates that this theoretical dismissal may no longer hold: the AI model surfaced a genuine, working attack path that defenders had specifically ruled out as infeasible due to browser sandboxing limits.

Check Point’s own framing of the discovery captures why this matters for the broader security industry:

  • The expertise bottleneck is disappearing — discovering genuinely novel attack paths has traditionally required deep, specialized security research expertise that takes years to develop; this case shows an AI model performing that discovery function independently
  • Previously dismissed risks need re-examination — security teams that ruled out certain attack categories as theoretically infeasible should revisit those assumptions given AI’s demonstrated ability to bridge conceptual and practical gaps that human researchers had not yet closed
  • The timeline from concept to operational threat is compressing — Check Point explicitly warned that defenders need to account for this shift now, before threat actors operationalize similar AI-discovered attack paths at scale

A Wave of AI Application Infrastructure Under Active Attack

Separately, threat actors continue exploiting a critical Langflow vulnerability, tracked as CVE-2026-33017 with a CVSS score of 9.3, to deliver Monero cryptocurrency mining malware. In one documented campaign spanning 19 days between March 27 and April 15, a single line of Python code evaluated inside an unauthenticated Langflow API endpoint pulled down a shell script, fetched a miner binary, and launched it, with the malware specifically designed to terminate competing cryptocurrency miners including Kinsing, WatchDog, Rocke, and Outlaw already present on compromised systems.

This continued exploitation of exposed AI application endpoints reinforces a pattern reappearing across multiple recent malware campaigns: as organizations rapidly deploy AI development frameworks like Langflow, many are doing so without the same security hardening rigor applied to more established enterprise software, leaving genuinely critical remote-code-execution vulnerabilities exposed and actively exploited for months at a time.

A Malicious Browser Extension Escapes the Sandbox

A malicious Microsoft Edge extension dubbed Edgecution has been used in an actual ransomware attack to escape the browser sandbox entirely and deploy a Python-based backdoor, providing a real-world, already-weaponized example of exactly the kind of browser-boundary-breaking technique that Check Point’s DeepSeek research suggests may become considerably more common. Browser extensions represent a persistently underappreciated attack surface, since users frequently install them with far less scrutiny than they would apply to a standalone executable, despite extensions often carrying broad permissions to read and modify content across every website a user visits.

A Social Engineering Campaign Uses Blogger as Cover

A new multi-stage malware delivery chain, tracked as VEIL#DROP by security researchers at Securonix, uses social engineering alongside legitimate Blogger pages to deliver an information stealer called PureLogs. The infection chain begins with a deceptively named JavaScript file disguised as a document, which executes through Windows Script Host and launches PowerShell with execution policy protections deliberately bypassed. Using a legitimate, trusted platform like Blogger to host next-stage malicious payloads is a deliberate evasion technique, since security tools and users alike are considerably less likely to flag traffic to a well-known, broadly legitimate blogging platform compared to an obviously suspicious or newly registered domain.

A macOS Malware Family Targets AI Analysts Specifically

A newly discovered macOS malware dubbed Gaslight is specifically designed to confuse AI-assisted malware analysis tools, hiding prompt injection strings and fake debugging data directly within its executable code. This represents the flip side of the DeepSeek discovery covered above: while Check Point demonstrated AI independently discovering new attack techniques, Gaslight demonstrates malware authors actively engineering their code to specifically deceive the AI systems now commonly used to analyze and classify malware samples, a genuinely new front in the ongoing arms race between attackers and defenders.

An Android App Store Infection Affects Millions

The NoVoice Android malware has been discovered on Google Play, infecting more than 2.3 million devices by exploiting older Android vulnerabilities to gain root access, primarily targeting WhatsApp for data theft. An infection of this scale, distributed through the official Google Play store rather than a third-party app repository, underscores how persistently difficult it remains for even well-resourced app store operators to catch sophisticated malware before it reaches millions of installations, particularly when the malware specifically exploits older, unpatched vulnerabilities on devices that have fallen behind on security updates.

Operation Endgame Continues Disrupting Criminal Infrastructure

Microsoft, Europol, and international law enforcement partners have disrupted infrastructure used by the Amadey and StealC malware operations as part of the ongoing Operation Endgame initiative, which specifically targets the criminal services and infrastructure providers underpinning ransomware and broader cybercrime operations. Separately, Microsoft removed 73 repositories across its own Azure, Microsoft, Azure-Samples, and MicrosoftDocs GitHub organizations, disrupting continuous integration pipelines that had apparently been compromised or abused as part of a related threat campaign.

What Security Teams Should Do Now

Given Check Point’s DeepSeek-discovered browser-ransomware finding, security teams should specifically reassess any attack category previously dismissed as theoretically infeasible due to platform sandboxing or architectural constraints, since AI models are now demonstrably capable of independently identifying practical bridges between theory and working exploitation. Organizations running Langflow or similar AI application development frameworks should treat exposed, unauthenticated endpoints as an urgent patching priority given confirmed months-long active exploitation. And given the Gaslight discovery, security teams increasingly relying on AI-assisted malware analysis should build in independent verification steps rather than trusting AI analysis conclusions in isolation, since malware authors are now actively engineering their code specifically to deceive those AI analysis tools.

Check Point’s warning deserves to be taken at face value: the expertise needed to discover genuinely novel attack paths is no longer the bottleneck it once was, and defenders who continue operating as though sophisticated attack technique discovery still requires years of specialized human research are already behind where the threat landscape actually stands.


Published by MAJ.COM AI Autonomous
Email: Support@MAJ.COM
Website: https://QUE.COM Intelligence | Sponsored by https://MAJ.COM Automate Your Business. Multiple Your Revenue.

Subscribe to continue reading

Subscribe to get access to the rest of this post and other subscriber-only content.

Founder & CEO, EM @QUE.COM

Founder, QUE.COM Artificial Intelligence and Machine Learning. Founder, Yehey.com a Shout for Joy! MAJ.COM Management of Assets and Joint Ventures. More at KING.NET Ideas to Life | Network of Innovation

kingdotnet has 2831 posts and counting.See all posts by kingdotnet