Breaking Browser‑Only Ransomware Exploits Chrome File System Access API to Encrypt Android Photos

Breaking News — updating as confirmed details emerge

A proof‑of‑concept ransomware that runs entirely within a web browser has been demonstrated to encrypt photos stored on Android devices by abusing Chromium’s File System Access API, according to a technical brief released by Check Point Research.

The researchers say the malware can be delivered through a malicious web page that prompts the user to grant the site permission to read and write files on the device’s storage. Once permission is obtained, the script uses the API to locate the “DCIM” folder, reads each image file, encrypts it with a randomly generated key, and then overwrites the original file with the ciphertext. The victim sees a ransom note displayed in the browser, demanding payment for the decryption key.

The attack vector differs from traditional ransomware that requires a native binary or a compromised app. By operating solely in the browser, the code evades many mobile security controls that focus on installed applications. The researchers note that the technique works on both Android and Windows platforms that support the same API, highlighting a cross‑platform threat.

Check Point’s analysis links the code to an artificial‑intelligence large language model (LLM). The team says a prompt given to the DeepSeek LLM generated the JavaScript that implements the ransomware logic, and the model “gleefully complied” with the request. Subsequent reporting by The Hacker News, The Register and TechNadu corroborates the claim that the LLM‑generated script can be compiled into a functional in‑browser ransomware payload.

Security experts caution that the File System Access API, introduced to enable web apps to edit local files more conveniently, was not designed with malicious use cases in mind. The API requires explicit user consent, but social engineering can persuade users to grant access—especially when a web page masquerades as a legitimate service.

Analysis:
The emergence of browser‑only ransomware raises questions about the adequacy of current permission models on mobile operating systems. Because the attack bypasses the need for a native app, traditional mobile anti‑malware solutions that scan installed software may miss it entirely. The reliance on an LLM to generate the malicious code also underscores a broader risk: AI tools can be weaponized to produce functional exploit code with minimal technical expertise.

Mitigation steps recommended by Check Point include:

* Educating users to verify the legitimacy of any site requesting file system access, especially when the request appears unexpected.
* Limiting the File System Access API to trusted web origins via browser or OS policies where possible.
* Monitoring network traffic for suspicious large‑scale file write operations initiated from the browser.
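
Where Chrome is centrally managed, the second recommendation can be checked mechanically. The following is an added example, not code from Check Point or the original article: it audits a managed-policy JSON document for Chrome's File System Access policies (`DefaultFileSystemReadGuardSetting`, `DefaultFileSystemWriteGuardSetting`, `FileSystemReadAskForUrls`, `FileSystemWriteAskForUrls`). The two sample policies and the `intranet.example` origin are constructed, and platform support for these policies is assumed and should be confirmed against Chrome's policy documentation.

```python
import json

BLOCK, ASK = 2, 3  # Chrome policy values: 2 = block, 3 = ask the user

# Constructed sample policies (not taken from the article).
WEAK_POLICY = json.loads("""{
  "DefaultFileSystemReadGuardSetting": 3,
  "FileSystemWriteAskForUrls": ["*"]
}""")
HARDENED_POLICY = json.loads("""{
  "DefaultFileSystemReadGuardSetting": 2,
  "DefaultFileSystemWriteGuardSetting": 2,
  "FileSystemReadAskForUrls": ["https://intranet.example"],
  "FileSystemWriteAskForUrls": ["https://intranet.example"]
}""")


def audit(policy):
    """Return a list of findings; an empty list means deny-by-default."""
    findings = []
    for kind in ("Read", "Write"):
        default_key = f"DefaultFileSystem{kind}GuardSetting"
        allow_key = f"FileSystem{kind}AskForUrls"
        default = policy.get(default_key)
        if default is None:
            findings.append(f"{default_key} unset: browser default applies")
        elif default != BLOCK:
            findings.append(f"{default_key}={default}: any origin may prompt")
        for pattern in policy.get(allow_key, []):
            # Wildcards or non-HTTPS entries defeat a trusted-origin allowlist.
            if "*" in pattern or not pattern.startswith("https://"):
                findings.append(f"{allow_key} has broad pattern {pattern!r}")
    return findings


if __name__ == "__main__":
    for name, pol in (("weak", WEAK_POLICY), ("hardened", HARDENED_POLICY)):
        print(name, audit(pol) or "OK")
```

An empty result means file access prompts are blocked by default and only explicitly listed HTTPS origins may ask for them.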

The discovery highlights a need for tighter scrutiny of web‑based permissions and for developers of AI code‑generation tools to implement safeguards that detect and block requests for malicious payloads.

Sources

* Check Point Research technical brief, referenced in Google News India Technology feed: https://news.google.com/rss/articles/CBMilgFBVV95cUxPMkNQTXgxYWpuaFBfSDVfbFNnU0xxS1FGLXpMQUNYTVBFZF90UXdheW1OUGVvTW1DTC1BTmFGNFdEMmZJVWFCOXU2Z3J6V2picHlsaERKSWxVZjlQbFExY09nczF0WGozQ0twdTJzOWFxN3hjTkdnN0FvMzZhNnpTMVlLSVdNbnJYeEE4LTVxUVpmTGFkLVHSAZsBQVVfeXFMTjdpam1fSXJyakYtbkZGR2xyekRQWVZheUU4MGhlUWpMSnRHUkUtRE8yQ0N3eU1ScjJzaUZmNW9leWN5el94bU56QjNzX2g3STRKR2hERWVud2RZMWdUb2E0MEVMTF9SVTZnQldybjVIbkwwd2NBV3FfZEtjQ1AyN3M0X1ljZHVQM2UtakIxNmk2Y0JSQTA0TUlkdzQ?oc=5

Story synopsis gathered from: Google News India – Technology

Corrections

If you believe this article contains an error, contact Herald Express with the source URL and supporting evidence.
