{"id":14025,"date":"2026-07-02T10:03:38","date_gmt":"2026-07-02T10:03:38","guid":{"rendered":"https:\/\/serisec.com\/index.php\/2026\/07\/02\/browser-only-ransomware-abuses-chrome-file-system-access-api-to-encrypt-android-photos\/"},"modified":"2026-07-02T10:03:38","modified_gmt":"2026-07-02T10:03:38","slug":"browser-only-ransomware-abuses-chrome-file-system-access-api-to-encrypt-android-photos","status":"publish","type":"post","link":"https:\/\/serisec.com\/index.php\/2026\/07\/02\/browser-only-ransomware-abuses-chrome-file-system-access-api-to-encrypt-android-photos\/","title":{"rendered":"Browser-Only Ransomware Abuses Chrome File System Access API to Encrypt Android Photos"},"content":{"rendered":"<p>    Browser-Only Ransomware Abuses Chrome File System Access API to Encrypt Android Photos<br \/>\n \t<BR><br \/>\n<BR><\/BR><br \/>\n    <!-- no image --><br \/>\n \t<BR><br \/>\n<BR><\/BR><\/p>\n<div>\n<p class=\"wp-block-paragraph\">A new ransomware technique can now run entirely inside a web browser, with no app installation or root access required. It targets Android photo directories by abusing a legitimate Chrome feature meant for photo editing. <\/p>\n<p class=\"wp-block-paragraph\">The attack begins with something as simple as opening a webpage that promises to enhance a picture. <a href=\"https:\/\/ppl-ai-file-upload.s3.amazonaws.com\/web\/direct-files\/attachments\/11146061\/d477a41f-ef83-47b1-a200-4cf82af9b6c1\/Browser-Only-Ransomware-Abuses-Chrome-File-System-Access-API-to-Encrypt-Android-Photos.pdf?AWSAccessKeyId=ASIA2F3EMEYE72VZC2M6&amp;Signature=kUNoHh2zWe82nvFYL4L5U5WL3%2B0%3D&amp;x-amz-security-token=IQoJb3JpZ2luX2VjECcaCXVzLWVhc3QtMSJHMEUCIHD04rg%2BIkVS1rRgfcnvRGyUH8Fs%2Fdoz%2BJQbddZtFkoSAiEA7bCZK%2F%2FsOOfgITExN4J4xV%2F8RPN0DxxKOG2aovfw2ygq%2FAQI8P%2F%2F%2F%2F%2F%2F%2F%2F%2F%2FARABGgw2OTk3NTMzMDk3MDUiDJlow%2FTHUaMVc0D1gCrQBAF9kcfNWsHA1t7cSNS76KN5SsVoTYm8VE6nSGO76NUXYtt4qUP2%2BUHQ3PuZTwomH%2FWzWKBCk5vtrBFveveftqaWJmNwRAaclcjvHawtAEelewvuCE24Y3hM3T7U9Vs0w0UuFcHArgDzwe7ovhjZuU%2B68RAZvalcxTDTUbD%2B8y3tD69pA6iZcchiRg7CSmzxhHQT2pWZ1Ue4ayGQsbqMKyUaeGWa95%2FekGDsO7All0IrjkZKNOe6y9hefXFndRc2Oj6b%2Fdj%2BCw1uVpS%2FDqMRqOnlJ9UtbvPOpTFPoZ7XOIa2CiF0z3ePLbOFeCTO59lWhnKpgPE3E0WY77%2BcdVFhdA6myunWQumMhhNdMqI91c7YZs3iFTa8exyfm%2FZBj0Ud43fH1WdF5OKpvaKKdd3bgHPxFW%2B%2FoOicarqGf8LqyLV1sk%2Fs%2FXfmOpUwuI%2BJiVREKG7GDBjJa0znGiSKl1W3lRlsSp49OqG8qsJO2G1k1mS4dzCiE5SylUJGuLB3TB%2FERS41zX%2BY97JozxevRQ0%2BHn%2BeuitBOAJ5rmUy4UvrMwlXA%2Be%2BehxyRL%2BOZYvFPMIk7C8spO59Yj2yggPfYo10G5ZWAGlf8l5yH7HKsQliA29GWoVqnJ3ijXHi6Ua8lKPPIKTKe%2BrpMqgItqY5K9%2FhnQG%2FCj2ZtT04aiKFccbLIdQYum48VhKZ2NbyRFzdlxwOuInG3zuO%2FtXGi19rdHZj6L1%2BFOOevDzoW5Gw0cjLJB271%2F46jFKktdxM2SLFZzDqzztw1xxxoGTHCtHTF4IFvVMwto2Y0gY6mAGiTn%2BHYlsNfaVa4xjApmD34WgkQMVS7qAT5BOXPk2xYF%2Fn%2BhCiUMbMWeYfSPAlk3XgfsJLxZ38aimajMDKt%2FMNGm1PuaZ47LvskOEekelP2uRyIkae8XQ7Ns%2B2WiKXA6wuOlwYZge%2BkvJidicxWEQjHq%2BchQbO%2Birg7dXlXIWba8eY5gEO3%2FXLT1E54ZXILNOGRtPNEt3BMg%3D%3D&amp;Expires=1782977673\" target=\"_blank\" rel=\"noreferrer noopener\"><\/a>This method relies on the File System Access API, a <a href=\"https:\/\/cybersecuritynews.com\/new-chrome-feature-alerts-users-about-malicious-extensions\/\" id=\"38624\" target=\"_blank\" rel=\"noreferrer noopener\">Chrome feature that lets websites read and write files<\/a> once a user grants permission. <\/p>\n<p class=\"wp-block-paragraph\">Attackers disguise their request as a photo enhancement tool, convincing victims to hand over folder access voluntarily. Once access is granted, the page can quietly encrypt image files stored on the device.<a href=\"https:\/\/ppl-ai-file-upload.s3.amazonaws.com\/web\/direct-files\/attachments\/11146061\/d477a41f-ef83-47b1-a200-4cf82af9b6c1\/Browser-Only-Ransomware-Abuses-Chrome-File-System-Access-API-to-Encrypt-Android-Photos.pdf?AWSAccessKeyId=ASIA2F3EMEYE72VZC2M6&amp;Signature=kUNoHh2zWe82nvFYL4L5U5WL3%2B0%3D&amp;x-amz-security-token=IQoJb3JpZ2luX2VjECcaCXVzLWVhc3QtMSJHMEUCIHD04rg%2BIkVS1rRgfcnvRGyUH8Fs%2Fdoz%2BJQbddZtFkoSAiEA7bCZK%2F%2FsOOfgITExN4J4xV%2F8RPN0DxxKOG2aovfw2ygq%2FAQI8P%2F%2F%2F%2F%2F%2F%2F%2F%2F%2FARABGgw2OTk3NTMzMDk3MDUiDJlow%2FTHUaMVc0D1gCrQBAF9kcfNWsHA1t7cSNS76KN5SsVoTYm8VE6nSGO76NUXYtt4qUP2%2BUHQ3PuZTwomH%2FWzWKBCk5vtrBFveveftqaWJmNwRAaclcjvHawtAEelewvuCE24Y3hM3T7U9Vs0w0UuFcHArgDzwe7ovhjZuU%2B68RAZvalcxTDTUbD%2B8y3tD69pA6iZcchiRg7CSmzxhHQT2pWZ1Ue4ayGQsbqMKyUaeGWa95%2FekGDsO7All0IrjkZKNOe6y9hefXFndRc2Oj6b%2Fdj%2BCw1uVpS%2FDqMRqOnlJ9UtbvPOpTFPoZ7XOIa2CiF0z3ePLbOFeCTO59lWhnKpgPE3E0WY77%2BcdVFhdA6myunWQumMhhNdMqI91c7YZs3iFTa8exyfm%2FZBj0Ud43fH1WdF5OKpvaKKdd3bgHPxFW%2B%2FoOicarqGf8LqyLV1sk%2Fs%2FXfmOpUwuI%2BJiVREKG7GDBjJa0znGiSKl1W3lRlsSp49OqG8qsJO2G1k1mS4dzCiE5SylUJGuLB3TB%2FERS41zX%2BY97JozxevRQ0%2BHn%2BeuitBOAJ5rmUy4UvrMwlXA%2Be%2BehxyRL%2BOZYvFPMIk7C8spO59Yj2yggPfYo10G5ZWAGlf8l5yH7HKsQliA29GWoVqnJ3ijXHi6Ua8lKPPIKTKe%2BrpMqgItqY5K9%2FhnQG%2FCj2ZtT04aiKFccbLIdQYum48VhKZ2NbyRFzdlxwOuInG3zuO%2FtXGi19rdHZj6L1%2BFOOevDzoW5Gw0cjLJB271%2F46jFKktdxM2SLFZzDqzztw1xxxoGTHCtHTF4IFvVMwto2Y0gY6mAGiTn%2BHYlsNfaVa4xjApmD34WgkQMVS7qAT5BOXPk2xYF%2Fn%2BhCiUMbMWeYfSPAlk3XgfsJLxZ38aimajMDKt%2FMNGm1PuaZ47LvskOEekelP2uRyIkae8XQ7Ns%2B2WiKXA6wuOlwYZge%2BkvJidicxWEQjHq%2BchQbO%2Birg7dXlXIWba8eY5gEO3%2FXLT1E54ZXILNOGRtPNEt3BMg%3D%3D&amp;Expires=1782977673\" target=\"_blank\" rel=\"noreferrer noopener\"><\/a><\/p>\n<p class=\"wp-block-paragraph\">The technique first surfaced inside code generated by an artificial intelligence model rather than being built by a human attacker. The AI system combined a fictional ransomware idea with a real browser capability, turning a flawed concept into a workable attack blueprint.<a rel=\"noreferrer noopener\" target=\"_blank\" href=\"https:\/\/ppl-ai-file-upload.s3.amazonaws.com\/web\/direct-files\/attachments\/11146061\/d477a41f-ef83-47b1-a200-4cf82af9b6c1\/Browser-Only-Ransomware-Abuses-Chrome-File-System-Access-API-to-Encrypt-Android-Photos.pdf?AWSAccessKeyId=ASIA2F3EMEYE72VZC2M6&amp;Signature=kUNoHh2zWe82nvFYL4L5U5WL3%2B0%3D&amp;x-amz-security-token=IQoJb3JpZ2luX2VjECcaCXVzLWVhc3QtMSJHMEUCIHD04rg%2BIkVS1rRgfcnvRGyUH8Fs%2Fdoz%2BJQbddZtFkoSAiEA7bCZK%2F%2FsOOfgITExN4J4xV%2F8RPN0DxxKOG2aovfw2ygq%2FAQI8P%2F%2F%2F%2F%2F%2F%2F%2F%2F%2FARABGgw2OTk3NTMzMDk3MDUiDJlow%2FTHUaMVc0D1gCrQBAF9kcfNWsHA1t7cSNS76KN5SsVoTYm8VE6nSGO76NUXYtt4qUP2%2BUHQ3PuZTwomH%2FWzWKBCk5vtrBFveveftqaWJmNwRAaclcjvHawtAEelewvuCE24Y3hM3T7U9Vs0w0UuFcHArgDzwe7ovhjZuU%2B68RAZvalcxTDTUbD%2B8y3tD69pA6iZcchiRg7CSmzxhHQT2pWZ1Ue4ayGQsbqMKyUaeGWa95%2FekGDsO7All0IrjkZKNOe6y9hefXFndRc2Oj6b%2Fdj%2BCw1uVpS%2FDqMRqOnlJ9UtbvPOpTFPoZ7XOIa2CiF0z3ePLbOFeCTO59lWhnKpgPE3E0WY77%2BcdVFhdA6myunWQumMhhNdMqI91c7YZs3iFTa8exyfm%2FZBj0Ud43fH1WdF5OKpvaKKdd3bgHPxFW%2B%2FoOicarqGf8LqyLV1sk%2Fs%2FXfmOpUwuI%2BJiVREKG7GDBjJa0znGiSKl1W3lRlsSp49OqG8qsJO2G1k1mS4dzCiE5SylUJGuLB3TB%2FERS41zX%2BY97JozxevRQ0%2BHn%2BeuitBOAJ5rmUy4UvrMwlXA%2Be%2BehxyRL%2BOZYvFPMIk7C8spO59Yj2yggPfYo10G5ZWAGlf8l5yH7HKsQliA29GWoVqnJ3ijXHi6Ua8lKPPIKTKe%2BrpMqgItqY5K9%2FhnQG%2FCj2ZtT04aiKFccbLIdQYum48VhKZ2NbyRFzdlxwOuInG3zuO%2FtXGi19rdHZj6L1%2BFOOevDzoW5Gw0cjLJB271%2F46jFKktdxM2SLFZzDqzztw1xxxoGTHCtHTF4IFvVMwto2Y0gY6mAGiTn%2BHYlsNfaVa4xjApmD34WgkQMVS7qAT5BOXPk2xYF%2Fn%2BhCiUMbMWeYfSPAlk3XgfsJLxZ38aimajMDKt%2FMNGm1PuaZ47LvskOEekelP2uRyIkae8XQ7Ns%2B2WiKXA6wuOlwYZge%2BkvJidicxWEQjHq%2BchQbO%2Birg7dXlXIWba8eY5gEO3%2FXLT1E54ZXILNOGRtPNEt3BMg%3D%3D&amp;Expires=1782977673\"><\/a><\/p>\n<p class=\"wp-block-paragraph\"><a href=\"https:\/\/research.checkpoint.com\/2026\/browser-only-ransomware-from-llm-hallucinations-to-a-practical-attack-technique\/\" id=\"https:\/\/research.checkpoint.com\/2026\/browser-only-ransomware-from-llm-hallucinations-to-a-practical-attack-technique\/\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">Check Point said in a report<\/a> shared with Cyber Security News (CSN) that they identified the sample while reviewing files linked to the AI model DeepSeek. <\/p>\n<p class=\"wp-block-paragraph\">The sample called itself InfernoGrabber and was built as a Discord themed avatar upscaler, though its true purpose was to steal and lock personal files. One part of the messy code stood out, the ability to request folder access and tamper with files inside.<a href=\"https:\/\/ppl-ai-file-upload.s3.amazonaws.com\/web\/direct-files\/attachments\/11146061\/d477a41f-ef83-47b1-a200-4cf82af9b6c1\/Browser-Only-Ransomware-Abuses-Chrome-File-System-Access-API-to-Encrypt-Android-Photos.pdf?AWSAccessKeyId=ASIA2F3EMEYE72VZC2M6&amp;Signature=kUNoHh2zWe82nvFYL4L5U5WL3%2B0%3D&amp;x-amz-security-token=IQoJb3JpZ2luX2VjECcaCXVzLWVhc3QtMSJHMEUCIHD04rg%2BIkVS1rRgfcnvRGyUH8Fs%2Fdoz%2BJQbddZtFkoSAiEA7bCZK%2F%2FsOOfgITExN4J4xV%2F8RPN0DxxKOG2aovfw2ygq%2FAQI8P%2F%2F%2F%2F%2F%2F%2F%2F%2F%2FARABGgw2OTk3NTMzMDk3MDUiDJlow%2FTHUaMVc0D1gCrQBAF9kcfNWsHA1t7cSNS76KN5SsVoTYm8VE6nSGO76NUXYtt4qUP2%2BUHQ3PuZTwomH%2FWzWKBCk5vtrBFveveftqaWJmNwRAaclcjvHawtAEelewvuCE24Y3hM3T7U9Vs0w0UuFcHArgDzwe7ovhjZuU%2B68RAZvalcxTDTUbD%2B8y3tD69pA6iZcchiRg7CSmzxhHQT2pWZ1Ue4ayGQsbqMKyUaeGWa95%2FekGDsO7All0IrjkZKNOe6y9hefXFndRc2Oj6b%2Fdj%2BCw1uVpS%2FDqMRqOnlJ9UtbvPOpTFPoZ7XOIa2CiF0z3ePLbOFeCTO59lWhnKpgPE3E0WY77%2BcdVFhdA6myunWQumMhhNdMqI91c7YZs3iFTa8exyfm%2FZBj0Ud43fH1WdF5OKpvaKKdd3bgHPxFW%2B%2FoOicarqGf8LqyLV1sk%2Fs%2FXfmOpUwuI%2BJiVREKG7GDBjJa0znGiSKl1W3lRlsSp49OqG8qsJO2G1k1mS4dzCiE5SylUJGuLB3TB%2FERS41zX%2BY97JozxevRQ0%2BHn%2BeuitBOAJ5rmUy4UvrMwlXA%2Be%2BehxyRL%2BOZYvFPMIk7C8spO59Yj2yggPfYo10G5ZWAGlf8l5yH7HKsQliA29GWoVqnJ3ijXHi6Ua8lKPPIKTKe%2BrpMqgItqY5K9%2FhnQG%2FCj2ZtT04aiKFccbLIdQYum48VhKZ2NbyRFzdlxwOuInG3zuO%2FtXGi19rdHZj6L1%2BFOOevDzoW5Gw0cjLJB271%2F46jFKktdxM2SLFZzDqzztw1xxxoGTHCtHTF4IFvVMwto2Y0gY6mAGiTn%2BHYlsNfaVa4xjApmD34WgkQMVS7qAT5BOXPk2xYF%2Fn%2BhCiUMbMWeYfSPAlk3XgfsJLxZ38aimajMDKt%2FMNGm1PuaZ47LvskOEekelP2uRyIkae8XQ7Ns%2B2WiKXA6wuOlwYZge%2BkvJidicxWEQjHq%2BchQbO%2Birg7dXlXIWba8eY5gEO3%2FXLT1E54ZXILNOGRtPNEt3BMg%3D%3D&amp;Expires=1782977673\" target=\"_blank\" rel=\"noreferrer noopener\"><\/a><\/p>\n<p class=\"wp-block-paragraph\">That single working piece became the foundation for a proof of concept researchers later built themselves, confirming the risk was real rather than theoretical.<a rel=\"noreferrer noopener\" target=\"_blank\" href=\"https:\/\/ppl-ai-file-upload.s3.amazonaws.com\/web\/direct-files\/attachments\/11146061\/d477a41f-ef83-47b1-a200-4cf82af9b6c1\/Browser-Only-Ransomware-Abuses-Chrome-File-System-Access-API-to-Encrypt-Android-Photos.pdf?AWSAccessKeyId=ASIA2F3EMEYE72VZC2M6&amp;Signature=kUNoHh2zWe82nvFYL4L5U5WL3%2B0%3D&amp;x-amz-security-token=IQoJb3JpZ2luX2VjECcaCXVzLWVhc3QtMSJHMEUCIHD04rg%2BIkVS1rRgfcnvRGyUH8Fs%2Fdoz%2BJQbddZtFkoSAiEA7bCZK%2F%2FsOOfgITExN4J4xV%2F8RPN0DxxKOG2aovfw2ygq%2FAQI8P%2F%2F%2F%2F%2F%2F%2F%2F%2F%2FARABGgw2OTk3NTMzMDk3MDUiDJlow%2FTHUaMVc0D1gCrQBAF9kcfNWsHA1t7cSNS76KN5SsVoTYm8VE6nSGO76NUXYtt4qUP2%2BUHQ3PuZTwomH%2FWzWKBCk5vtrBFveveftqaWJmNwRAaclcjvHawtAEelewvuCE24Y3hM3T7U9Vs0w0UuFcHArgDzwe7ovhjZuU%2B68RAZvalcxTDTUbD%2B8y3tD69pA6iZcchiRg7CSmzxhHQT2pWZ1Ue4ayGQsbqMKyUaeGWa95%2FekGDsO7All0IrjkZKNOe6y9hefXFndRc2Oj6b%2Fdj%2BCw1uVpS%2FDqMRqOnlJ9UtbvPOpTFPoZ7XOIa2CiF0z3ePLbOFeCTO59lWhnKpgPE3E0WY77%2BcdVFhdA6myunWQumMhhNdMqI91c7YZs3iFTa8exyfm%2FZBj0Ud43fH1WdF5OKpvaKKdd3bgHPxFW%2B%2FoOicarqGf8LqyLV1sk%2Fs%2FXfmOpUwuI%2BJiVREKG7GDBjJa0znGiSKl1W3lRlsSp49OqG8qsJO2G1k1mS4dzCiE5SylUJGuLB3TB%2FERS41zX%2BY97JozxevRQ0%2BHn%2BeuitBOAJ5rmUy4UvrMwlXA%2Be%2BehxyRL%2BOZYvFPMIk7C8spO59Yj2yggPfYo10G5ZWAGlf8l5yH7HKsQliA29GWoVqnJ3ijXHi6Ua8lKPPIKTKe%2BrpMqgItqY5K9%2FhnQG%2FCj2ZtT04aiKFccbLIdQYum48VhKZ2NbyRFzdlxwOuInG3zuO%2FtXGi19rdHZj6L1%2BFOOevDzoW5Gw0cjLJB271%2F46jFKktdxM2SLFZzDqzztw1xxxoGTHCtHTF4IFvVMwto2Y0gY6mAGiTn%2BHYlsNfaVa4xjApmD34WgkQMVS7qAT5BOXPk2xYF%2Fn%2BhCiUMbMWeYfSPAlk3XgfsJLxZ38aimajMDKt%2FMNGm1PuaZ47LvskOEekelP2uRyIkae8XQ7Ns%2B2WiKXA6wuOlwYZge%2BkvJidicxWEQjHq%2BchQbO%2Birg7dXlXIWba8eY5gEO3%2FXLT1E54ZXILNOGRtPNEt3BMg%3D%3D&amp;Expires=1782977673\"><\/a><\/p>\n<h2 id=\"h-browser-only-ransomware\" class=\"wp-block-heading\"><strong>Browser-Only Ransomware<\/strong><\/h2>\n<p class=\"wp-block-paragraph\">The File System Access API was designed for legitimate tools like online photo editors and document apps. It lets a webpage ask for permission to read or modify files in a chosen folder, and once approved, the page can act on that folder directly. <\/p>\n<p class=\"wp-block-paragraph\">This feature has existed on desktop Chrome since version 86 and reached Android with Chrome 132.<a href=\"https:\/\/ppl-ai-file-upload.s3.amazonaws.com\/web\/direct-files\/attachments\/11146061\/d477a41f-ef83-47b1-a200-4cf82af9b6c1\/Browser-Only-Ransomware-Abuses-Chrome-File-System-Access-API-to-Encrypt-Android-Photos.pdf?AWSAccessKeyId=ASIA2F3EMEYE72VZC2M6&amp;Signature=kUNoHh2zWe82nvFYL4L5U5WL3%2B0%3D&amp;x-amz-security-token=IQoJb3JpZ2luX2VjECcaCXVzLWVhc3QtMSJHMEUCIHD04rg%2BIkVS1rRgfcnvRGyUH8Fs%2Fdoz%2BJQbddZtFkoSAiEA7bCZK%2F%2FsOOfgITExN4J4xV%2F8RPN0DxxKOG2aovfw2ygq%2FAQI8P%2F%2F%2F%2F%2F%2F%2F%2F%2F%2FARABGgw2OTk3NTMzMDk3MDUiDJlow%2FTHUaMVc0D1gCrQBAF9kcfNWsHA1t7cSNS76KN5SsVoTYm8VE6nSGO76NUXYtt4qUP2%2BUHQ3PuZTwomH%2FWzWKBCk5vtrBFveveftqaWJmNwRAaclcjvHawtAEelewvuCE24Y3hM3T7U9Vs0w0UuFcHArgDzwe7ovhjZuU%2B68RAZvalcxTDTUbD%2B8y3tD69pA6iZcchiRg7CSmzxhHQT2pWZ1Ue4ayGQsbqMKyUaeGWa95%2FekGDsO7All0IrjkZKNOe6y9hefXFndRc2Oj6b%2Fdj%2BCw1uVpS%2FDqMRqOnlJ9UtbvPOpTFPoZ7XOIa2CiF0z3ePLbOFeCTO59lWhnKpgPE3E0WY77%2BcdVFhdA6myunWQumMhhNdMqI91c7YZs3iFTa8exyfm%2FZBj0Ud43fH1WdF5OKpvaKKdd3bgHPxFW%2B%2FoOicarqGf8LqyLV1sk%2Fs%2FXfmOpUwuI%2BJiVREKG7GDBjJa0znGiSKl1W3lRlsSp49OqG8qsJO2G1k1mS4dzCiE5SylUJGuLB3TB%2FERS41zX%2BY97JozxevRQ0%2BHn%2BeuitBOAJ5rmUy4UvrMwlXA%2Be%2BehxyRL%2BOZYvFPMIk7C8spO59Yj2yggPfYo10G5ZWAGlf8l5yH7HKsQliA29GWoVqnJ3ijXHi6Ua8lKPPIKTKe%2BrpMqgItqY5K9%2FhnQG%2FCj2ZtT04aiKFccbLIdQYum48VhKZ2NbyRFzdlxwOuInG3zuO%2FtXGi19rdHZj6L1%2BFOOevDzoW5Gw0cjLJB271%2F46jFKktdxM2SLFZzDqzztw1xxxoGTHCtHTF4IFvVMwto2Y0gY6mAGiTn%2BHYlsNfaVa4xjApmD34WgkQMVS7qAT5BOXPk2xYF%2Fn%2BhCiUMbMWeYfSPAlk3XgfsJLxZ38aimajMDKt%2FMNGm1PuaZ47LvskOEekelP2uRyIkae8XQ7Ns%2B2WiKXA6wuOlwYZge%2BkvJidicxWEQjHq%2BchQbO%2Birg7dXlXIWba8eY5gEO3%2FXLT1E54ZXILNOGRtPNEt3BMg%3D%3D&amp;Expires=1782977673\" target=\"_blank\" rel=\"noreferrer noopener\"><\/a><\/p>\n<p class=\"wp-block-paragraph\">Researchers tested the technique on <a href=\"https:\/\/cybersecuritynews.com\/chrome148-vulnerabilities-patched\/\" id=\"https:\/\/cybersecuritynews.com\/chrome148-vulnerabilities-patched\/\" target=\"_blank\" rel=\"noreferrer noopener\">Android devices running Chrome 148<\/a> and found the root of the default Pictures and Videos folders, including the DCIM directory, was not restricted. <\/p>\n<p class=\"wp-block-paragraph\">That matters because Android photo galleries often hold identity documents, banking screenshots, and years of personal memories. A fake AI photo upscaler gives users an easy reason to approve folder access.<\/p>\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large\"><img data-recalc-dims=\"1\" decoding=\"async\" src=\"https:\/\/i0.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEgR2SxqnQc7pHTAiJ15lYUAmnu_B1XTZvl7p7Bmn_Jd_iSIAEJvMMJGZu73BwqhrwainVeidayp1xpDijd2BPp7W_I-d7dp7c7SeZs8ecxhQ5BikOnI9RyOr9GrzVnjlOjwtiK60Y33q1XSoc128kNzN9P0AvkzlngeESnign2GrTcznEhmOrE_V05nVvU\/s1600\/Fake%2520Discord%2520avatar%2520AI%2520upscaler%2520%28Source%2520-%2520Check%2520Point%29.webp?ssl=1\" alt=\"Fake Discord avatar AI upscaler (Source - Check Point)\"><figcaption class=\"wp-element-caption\">Fake Discord avatar AI upscaler (Source \u2013 Check Point)<\/figcaption><\/figure>\n<\/div>\n<p class=\"wp-block-paragraph\">During testing, the process felt completely ordinary. A user opens a page, picks a photo, chooses a folder to save the improved version, and grants the permission Chrome asks for. <\/p>\n<p class=\"wp-block-paragraph\">Behind that normal flow, the page can silently encrypt every picture in the folder during what appears to be routine processing. <\/p>\n<h2 id=\"h-from-ai-hallucination-to-working-proof\" class=\"wp-block-heading\"><strong>From AI Hallucination to Working Proof<\/strong><\/h2>\n<p class=\"wp-block-paragraph\">When <a href=\"https:\/\/cybersecuritynews.com\/deepseek-ai-powers-with-huawei-chips\/\" id=\"90694\" target=\"_blank\" rel=\"noreferrer noopener\">researchers asked the newer DeepSeek V4 model directly for ransomware<\/a>, it refused every time. Removing obvious trigger words like ransomware while keeping the same intent led to different results depending on the mode used. <\/p>\n<p class=\"wp-block-paragraph\">In one attempt, the model described its own output as a trap combining a convincing interface with hidden harmful behavior, yet still produced the code.<a href=\"https:\/\/ppl-ai-file-upload.s3.amazonaws.com\/web\/direct-files\/attachments\/11146061\/d477a41f-ef83-47b1-a200-4cf82af9b6c1\/Browser-Only-Ransomware-Abuses-Chrome-File-System-Access-API-to-Encrypt-Android-Photos.pdf?AWSAccessKeyId=ASIA2F3EMEYE72VZC2M6&amp;Signature=kUNoHh2zWe82nvFYL4L5U5WL3%2B0%3D&amp;x-amz-security-token=IQoJb3JpZ2luX2VjECcaCXVzLWVhc3QtMSJHMEUCIHD04rg%2BIkVS1rRgfcnvRGyUH8Fs%2Fdoz%2BJQbddZtFkoSAiEA7bCZK%2F%2FsOOfgITExN4J4xV%2F8RPN0DxxKOG2aovfw2ygq%2FAQI8P%2F%2F%2F%2F%2F%2F%2F%2F%2F%2FARABGgw2OTk3NTMzMDk3MDUiDJlow%2FTHUaMVc0D1gCrQBAF9kcfNWsHA1t7cSNS76KN5SsVoTYm8VE6nSGO76NUXYtt4qUP2%2BUHQ3PuZTwomH%2FWzWKBCk5vtrBFveveftqaWJmNwRAaclcjvHawtAEelewvuCE24Y3hM3T7U9Vs0w0UuFcHArgDzwe7ovhjZuU%2B68RAZvalcxTDTUbD%2B8y3tD69pA6iZcchiRg7CSmzxhHQT2pWZ1Ue4ayGQsbqMKyUaeGWa95%2FekGDsO7All0IrjkZKNOe6y9hefXFndRc2Oj6b%2Fdj%2BCw1uVpS%2FDqMRqOnlJ9UtbvPOpTFPoZ7XOIa2CiF0z3ePLbOFeCTO59lWhnKpgPE3E0WY77%2BcdVFhdA6myunWQumMhhNdMqI91c7YZs3iFTa8exyfm%2FZBj0Ud43fH1WdF5OKpvaKKdd3bgHPxFW%2B%2FoOicarqGf8LqyLV1sk%2Fs%2FXfmOpUwuI%2BJiVREKG7GDBjJa0znGiSKl1W3lRlsSp49OqG8qsJO2G1k1mS4dzCiE5SylUJGuLB3TB%2FERS41zX%2BY97JozxevRQ0%2BHn%2BeuitBOAJ5rmUy4UvrMwlXA%2Be%2BehxyRL%2BOZYvFPMIk7C8spO59Yj2yggPfYo10G5ZWAGlf8l5yH7HKsQliA29GWoVqnJ3ijXHi6Ua8lKPPIKTKe%2BrpMqgItqY5K9%2FhnQG%2FCj2ZtT04aiKFccbLIdQYum48VhKZ2NbyRFzdlxwOuInG3zuO%2FtXGi19rdHZj6L1%2BFOOevDzoW5Gw0cjLJB271%2F46jFKktdxM2SLFZzDqzztw1xxxoGTHCtHTF4IFvVMwto2Y0gY6mAGiTn%2BHYlsNfaVa4xjApmD34WgkQMVS7qAT5BOXPk2xYF%2Fn%2BhCiUMbMWeYfSPAlk3XgfsJLxZ38aimajMDKt%2FMNGm1PuaZ47LvskOEekelP2uRyIkae8XQ7Ns%2B2WiKXA6wuOlwYZge%2BkvJidicxWEQjHq%2BchQbO%2Birg7dXlXIWba8eY5gEO3%2FXLT1E54ZXILNOGRtPNEt3BMg%3D%3D&amp;Expires=1782977673\" target=\"_blank\" rel=\"noreferrer noopener\"><\/a><\/p>\n<p class=\"wp-block-paragraph\">Comparable attempts against other well known AI systems either failed outright or produced safer versions that avoided the risky browser feature. This does not mean other systems are immune, since a patient user could assemble the same attack from harmless looking requests.<a rel=\"noreferrer noopener\" target=\"_blank\" href=\"https:\/\/ppl-ai-file-upload.s3.amazonaws.com\/web\/direct-files\/attachments\/11146061\/d477a41f-ef83-47b1-a200-4cf82af9b6c1\/Browser-Only-Ransomware-Abuses-Chrome-File-System-Access-API-to-Encrypt-Android-Photos.pdf?AWSAccessKeyId=ASIA2F3EMEYE72VZC2M6&amp;Signature=kUNoHh2zWe82nvFYL4L5U5WL3%2B0%3D&amp;x-amz-security-token=IQoJb3JpZ2luX2VjECcaCXVzLWVhc3QtMSJHMEUCIHD04rg%2BIkVS1rRgfcnvRGyUH8Fs%2Fdoz%2BJQbddZtFkoSAiEA7bCZK%2F%2FsOOfgITExN4J4xV%2F8RPN0DxxKOG2aovfw2ygq%2FAQI8P%2F%2F%2F%2F%2F%2F%2F%2F%2F%2FARABGgw2OTk3NTMzMDk3MDUiDJlow%2FTHUaMVc0D1gCrQBAF9kcfNWsHA1t7cSNS76KN5SsVoTYm8VE6nSGO76NUXYtt4qUP2%2BUHQ3PuZTwomH%2FWzWKBCk5vtrBFveveftqaWJmNwRAaclcjvHawtAEelewvuCE24Y3hM3T7U9Vs0w0UuFcHArgDzwe7ovhjZuU%2B68RAZvalcxTDTUbD%2B8y3tD69pA6iZcchiRg7CSmzxhHQT2pWZ1Ue4ayGQsbqMKyUaeGWa95%2FekGDsO7All0IrjkZKNOe6y9hefXFndRc2Oj6b%2Fdj%2BCw1uVpS%2FDqMRqOnlJ9UtbvPOpTFPoZ7XOIa2CiF0z3ePLbOFeCTO59lWhnKpgPE3E0WY77%2BcdVFhdA6myunWQumMhhNdMqI91c7YZs3iFTa8exyfm%2FZBj0Ud43fH1WdF5OKpvaKKdd3bgHPxFW%2B%2FoOicarqGf8LqyLV1sk%2Fs%2FXfmOpUwuI%2BJiVREKG7GDBjJa0znGiSKl1W3lRlsSp49OqG8qsJO2G1k1mS4dzCiE5SylUJGuLB3TB%2FERS41zX%2BY97JozxevRQ0%2BHn%2BeuitBOAJ5rmUy4UvrMwlXA%2Be%2BehxyRL%2BOZYvFPMIk7C8spO59Yj2yggPfYo10G5ZWAGlf8l5yH7HKsQliA29GWoVqnJ3ijXHi6Ua8lKPPIKTKe%2BrpMqgItqY5K9%2FhnQG%2FCj2ZtT04aiKFccbLIdQYum48VhKZ2NbyRFzdlxwOuInG3zuO%2FtXGi19rdHZj6L1%2BFOOevDzoW5Gw0cjLJB271%2F46jFKktdxM2SLFZzDqzztw1xxxoGTHCtHTF4IFvVMwto2Y0gY6mAGiTn%2BHYlsNfaVa4xjApmD34WgkQMVS7qAT5BOXPk2xYF%2Fn%2BhCiUMbMWeYfSPAlk3XgfsJLxZ38aimajMDKt%2FMNGm1PuaZ47LvskOEekelP2uRyIkae8XQ7Ns%2B2WiKXA6wuOlwYZge%2BkvJidicxWEQjHq%2BchQbO%2Birg7dXlXIWba8eY5gEO3%2FXLT1E54ZXILNOGRtPNEt3BMg%3D%3D&amp;Expires=1782977673\"><\/a><\/p>\n<p class=\"wp-block-paragraph\">The ransom note overlay, styled after InfernoGrabber, demanded payment in Bitcoin and threatened to leak stolen data. <\/p>\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large\"><img data-recalc-dims=\"1\" decoding=\"async\" src=\"https:\/\/i0.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEgfbbQzTHYKv2CEr2jaVmSrRCNBW8Ctl6p8ggnXQBR0_lPFoexwALwIH6u42jTgihipeMg0Ai8iHqYhgB5j7rRJAUqU7QvsK9AWCLYH5M3WJ1ge9Oxa15587whXPeRZWoOrd_SSirI3SMDFASIe_O2C4jSXJegWJ_RAAROPhBpmWeO1CXrdHyjCbRzr_Ik\/s1600\/InfernoGrabber%2520ransom-note%2520overlay%2520%28Source%2520-%2520Check%2520Point%29.webp?ssl=1\" alt=\"InfernoGrabber ransom-note overlay (Source - Check Point)\"><figcaption class=\"wp-element-caption\">InfernoGrabber ransom-note overlay (Source \u2013 Check Point)<\/figcaption><\/figure>\n<\/div>\n<p class=\"wp-block-paragraph\">Researchers have not seen this exact technique used in real attacks yet, but the demonstration shows the barrier to entry is now low.<a href=\"https:\/\/ppl-ai-file-upload.s3.amazonaws.com\/web\/direct-files\/attachments\/11146061\/d477a41f-ef83-47b1-a200-4cf82af9b6c1\/Browser-Only-Ransomware-Abuses-Chrome-File-System-Access-API-to-Encrypt-Android-Photos.pdf?AWSAccessKeyId=ASIA2F3EMEYE72VZC2M6&amp;Signature=kUNoHh2zWe82nvFYL4L5U5WL3%2B0%3D&amp;x-amz-security-token=IQoJb3JpZ2luX2VjECcaCXVzLWVhc3QtMSJHMEUCIHD04rg%2BIkVS1rRgfcnvRGyUH8Fs%2Fdoz%2BJQbddZtFkoSAiEA7bCZK%2F%2FsOOfgITExN4J4xV%2F8RPN0DxxKOG2aovfw2ygq%2FAQI8P%2F%2F%2F%2F%2F%2F%2F%2F%2F%2FARABGgw2OTk3NTMzMDk3MDUiDJlow%2FTHUaMVc0D1gCrQBAF9kcfNWsHA1t7cSNS76KN5SsVoTYm8VE6nSGO76NUXYtt4qUP2%2BUHQ3PuZTwomH%2FWzWKBCk5vtrBFveveftqaWJmNwRAaclcjvHawtAEelewvuCE24Y3hM3T7U9Vs0w0UuFcHArgDzwe7ovhjZuU%2B68RAZvalcxTDTUbD%2B8y3tD69pA6iZcchiRg7CSmzxhHQT2pWZ1Ue4ayGQsbqMKyUaeGWa95%2FekGDsO7All0IrjkZKNOe6y9hefXFndRc2Oj6b%2Fdj%2BCw1uVpS%2FDqMRqOnlJ9UtbvPOpTFPoZ7XOIa2CiF0z3ePLbOFeCTO59lWhnKpgPE3E0WY77%2BcdVFhdA6myunWQumMhhNdMqI91c7YZs3iFTa8exyfm%2FZBj0Ud43fH1WdF5OKpvaKKdd3bgHPxFW%2B%2FoOicarqGf8LqyLV1sk%2Fs%2FXfmOpUwuI%2BJiVREKG7GDBjJa0znGiSKl1W3lRlsSp49OqG8qsJO2G1k1mS4dzCiE5SylUJGuLB3TB%2FERS41zX%2BY97JozxevRQ0%2BHn%2BeuitBOAJ5rmUy4UvrMwlXA%2Be%2BehxyRL%2BOZYvFPMIk7C8spO59Yj2yggPfYo10G5ZWAGlf8l5yH7HKsQliA29GWoVqnJ3ijXHi6Ua8lKPPIKTKe%2BrpMqgItqY5K9%2FhnQG%2FCj2ZtT04aiKFccbLIdQYum48VhKZ2NbyRFzdlxwOuInG3zuO%2FtXGi19rdHZj6L1%2BFOOevDzoW5Gw0cjLJB271%2F46jFKktdxM2SLFZzDqzztw1xxxoGTHCtHTF4IFvVMwto2Y0gY6mAGiTn%2BHYlsNfaVa4xjApmD34WgkQMVS7qAT5BOXPk2xYF%2Fn%2BhCiUMbMWeYfSPAlk3XgfsJLxZ38aimajMDKt%2FMNGm1PuaZ47LvskOEekelP2uRyIkae8XQ7Ns%2B2WiKXA6wuOlwYZge%2BkvJidicxWEQjHq%2BchQbO%2Birg7dXlXIWba8eY5gEO3%2FXLT1E54ZXILNOGRtPNEt3BMg%3D%3D&amp;Expires=1782977673\" target=\"_blank\" rel=\"noreferrer noopener\"><\/a><\/p>\n<p class=\"wp-block-paragraph\">Because the risk sits in how permissions are granted rather than in a flaw that can be patched, caution matters greatly. Treat any request for folder access as a decision worth pausing on.<a rel=\"noreferrer noopener\" target=\"_blank\" href=\"https:\/\/ppl-ai-file-upload.s3.amazonaws.com\/web\/direct-files\/attachments\/11146061\/d477a41f-ef83-47b1-a200-4cf82af9b6c1\/Browser-Only-Ransomware-Abuses-Chrome-File-System-Access-API-to-Encrypt-Android-Photos.pdf?AWSAccessKeyId=ASIA2F3EMEYE72VZC2M6&amp;Signature=kUNoHh2zWe82nvFYL4L5U5WL3%2B0%3D&amp;x-amz-security-token=IQoJb3JpZ2luX2VjECcaCXVzLWVhc3QtMSJHMEUCIHD04rg%2BIkVS1rRgfcnvRGyUH8Fs%2Fdoz%2BJQbddZtFkoSAiEA7bCZK%2F%2FsOOfgITExN4J4xV%2F8RPN0DxxKOG2aovfw2ygq%2FAQI8P%2F%2F%2F%2F%2F%2F%2F%2F%2F%2FARABGgw2OTk3NTMzMDk3MDUiDJlow%2FTHUaMVc0D1gCrQBAF9kcfNWsHA1t7cSNS76KN5SsVoTYm8VE6nSGO76NUXYtt4qUP2%2BUHQ3PuZTwomH%2FWzWKBCk5vtrBFveveftqaWJmNwRAaclcjvHawtAEelewvuCE24Y3hM3T7U9Vs0w0UuFcHArgDzwe7ovhjZuU%2B68RAZvalcxTDTUbD%2B8y3tD69pA6iZcchiRg7CSmzxhHQT2pWZ1Ue4ayGQsbqMKyUaeGWa95%2FekGDsO7All0IrjkZKNOe6y9hefXFndRc2Oj6b%2Fdj%2BCw1uVpS%2FDqMRqOnlJ9UtbvPOpTFPoZ7XOIa2CiF0z3ePLbOFeCTO59lWhnKpgPE3E0WY77%2BcdVFhdA6myunWQumMhhNdMqI91c7YZs3iFTa8exyfm%2FZBj0Ud43fH1WdF5OKpvaKKdd3bgHPxFW%2B%2FoOicarqGf8LqyLV1sk%2Fs%2FXfmOpUwuI%2BJiVREKG7GDBjJa0znGiSKl1W3lRlsSp49OqG8qsJO2G1k1mS4dzCiE5SylUJGuLB3TB%2FERS41zX%2BY97JozxevRQ0%2BHn%2BeuitBOAJ5rmUy4UvrMwlXA%2Be%2BehxyRL%2BOZYvFPMIk7C8spO59Yj2yggPfYo10G5ZWAGlf8l5yH7HKsQliA29GWoVqnJ3ijXHi6Ua8lKPPIKTKe%2BrpMqgItqY5K9%2FhnQG%2FCj2ZtT04aiKFccbLIdQYum48VhKZ2NbyRFzdlxwOuInG3zuO%2FtXGi19rdHZj6L1%2BFOOevDzoW5Gw0cjLJB271%2F46jFKktdxM2SLFZzDqzztw1xxxoGTHCtHTF4IFvVMwto2Y0gY6mAGiTn%2BHYlsNfaVa4xjApmD34WgkQMVS7qAT5BOXPk2xYF%2Fn%2BhCiUMbMWeYfSPAlk3XgfsJLxZ38aimajMDKt%2FMNGm1PuaZ47LvskOEekelP2uRyIkae8XQ7Ns%2B2WiKXA6wuOlwYZge%2BkvJidicxWEQjHq%2BchQbO%2Birg7dXlXIWba8eY5gEO3%2FXLT1E54ZXILNOGRtPNEt3BMg%3D%3D&amp;Expires=1782977673\"><\/a><\/p>\n<p class=\"wp-block-paragraph\"><a href=\"https:\/\/cybersecuritynews.com\/iphone-spyware-protection\/\" id=\"105762\" target=\"_blank\" rel=\"noreferrer noopener\">Avoid pointing unfamiliar tools at folders holding personal photos<\/a> or identity documents, and pick a temporary folder for testing instead. Established apps and trusted cloud services remain a safer choice for photo collections that matter.<a href=\"https:\/\/ppl-ai-file-upload.s3.amazonaws.com\/web\/direct-files\/attachments\/11146061\/d477a41f-ef83-47b1-a200-4cf82af9b6c1\/Browser-Only-Ransomware-Abuses-Chrome-File-System-Access-API-to-Encrypt-Android-Photos.pdf?AWSAccessKeyId=ASIA2F3EMEYE72VZC2M6&amp;Signature=kUNoHh2zWe82nvFYL4L5U5WL3%2B0%3D&amp;x-amz-security-token=IQoJb3JpZ2luX2VjECcaCXVzLWVhc3QtMSJHMEUCIHD04rg%2BIkVS1rRgfcnvRGyUH8Fs%2Fdoz%2BJQbddZtFkoSAiEA7bCZK%2F%2FsOOfgITExN4J4xV%2F8RPN0DxxKOG2aovfw2ygq%2FAQI8P%2F%2F%2F%2F%2F%2F%2F%2F%2F%2FARABGgw2OTk3NTMzMDk3MDUiDJlow%2FTHUaMVc0D1gCrQBAF9kcfNWsHA1t7cSNS76KN5SsVoTYm8VE6nSGO76NUXYtt4qUP2%2BUHQ3PuZTwomH%2FWzWKBCk5vtrBFveveftqaWJmNwRAaclcjvHawtAEelewvuCE24Y3hM3T7U9Vs0w0UuFcHArgDzwe7ovhjZuU%2B68RAZvalcxTDTUbD%2B8y3tD69pA6iZcchiRg7CSmzxhHQT2pWZ1Ue4ayGQsbqMKyUaeGWa95%2FekGDsO7All0IrjkZKNOe6y9hefXFndRc2Oj6b%2Fdj%2BCw1uVpS%2FDqMRqOnlJ9UtbvPOpTFPoZ7XOIa2CiF0z3ePLbOFeCTO59lWhnKpgPE3E0WY77%2BcdVFhdA6myunWQumMhhNdMqI91c7YZs3iFTa8exyfm%2FZBj0Ud43fH1WdF5OKpvaKKdd3bgHPxFW%2B%2FoOicarqGf8LqyLV1sk%2Fs%2FXfmOpUwuI%2BJiVREKG7GDBjJa0znGiSKl1W3lRlsSp49OqG8qsJO2G1k1mS4dzCiE5SylUJGuLB3TB%2FERS41zX%2BY97JozxevRQ0%2BHn%2BeuitBOAJ5rmUy4UvrMwlXA%2Be%2BehxyRL%2BOZYvFPMIk7C8spO59Yj2yggPfYo10G5ZWAGlf8l5yH7HKsQliA29GWoVqnJ3ijXHi6Ua8lKPPIKTKe%2BrpMqgItqY5K9%2FhnQG%2FCj2ZtT04aiKFccbLIdQYum48VhKZ2NbyRFzdlxwOuInG3zuO%2FtXGi19rdHZj6L1%2BFOOevDzoW5Gw0cjLJB271%2F46jFKktdxM2SLFZzDqzztw1xxxoGTHCtHTF4IFvVMwto2Y0gY6mAGiTn%2BHYlsNfaVa4xjApmD34WgkQMVS7qAT5BOXPk2xYF%2Fn%2BhCiUMbMWeYfSPAlk3XgfsJLxZ38aimajMDKt%2FMNGm1PuaZ47LvskOEekelP2uRyIkae8XQ7Ns%2B2WiKXA6wuOlwYZge%2BkvJidicxWEQjHq%2BchQbO%2Birg7dXlXIWba8eY5gEO3%2FXLT1E54ZXILNOGRtPNEt3BMg%3D%3D&amp;Expires=1782977673\" target=\"_blank\" rel=\"noreferrer noopener\"><\/a><\/p>\n<p class=\"wp-block-paragraph\">Regular backups, whether offline or in the cloud, reduce the damage if files are encrypted this way. Updating Chrome and Android regularly also helps, since makers keep refining these permissions.<a rel=\"noreferrer noopener\" target=\"_blank\" href=\"https:\/\/ppl-ai-file-upload.s3.amazonaws.com\/web\/direct-files\/attachments\/11146061\/d477a41f-ef83-47b1-a200-4cf82af9b6c1\/Browser-Only-Ransomware-Abuses-Chrome-File-System-Access-API-to-Encrypt-Android-Photos.pdf?AWSAccessKeyId=ASIA2F3EMEYE72VZC2M6&amp;Signature=kUNoHh2zWe82nvFYL4L5U5WL3%2B0%3D&amp;x-amz-security-token=IQoJb3JpZ2luX2VjECcaCXVzLWVhc3QtMSJHMEUCIHD04rg%2BIkVS1rRgfcnvRGyUH8Fs%2Fdoz%2BJQbddZtFkoSAiEA7bCZK%2F%2FsOOfgITExN4J4xV%2F8RPN0DxxKOG2aovfw2ygq%2FAQI8P%2F%2F%2F%2F%2F%2F%2F%2F%2F%2FARABGgw2OTk3NTMzMDk3MDUiDJlow%2FTHUaMVc0D1gCrQBAF9kcfNWsHA1t7cSNS76KN5SsVoTYm8VE6nSGO76NUXYtt4qUP2%2BUHQ3PuZTwomH%2FWzWKBCk5vtrBFveveftqaWJmNwRAaclcjvHawtAEelewvuCE24Y3hM3T7U9Vs0w0UuFcHArgDzwe7ovhjZuU%2B68RAZvalcxTDTUbD%2B8y3tD69pA6iZcchiRg7CSmzxhHQT2pWZ1Ue4ayGQsbqMKyUaeGWa95%2FekGDsO7All0IrjkZKNOe6y9hefXFndRc2Oj6b%2Fdj%2BCw1uVpS%2FDqMRqOnlJ9UtbvPOpTFPoZ7XOIa2CiF0z3ePLbOFeCTO59lWhnKpgPE3E0WY77%2BcdVFhdA6myunWQumMhhNdMqI91c7YZs3iFTa8exyfm%2FZBj0Ud43fH1WdF5OKpvaKKdd3bgHPxFW%2B%2FoOicarqGf8LqyLV1sk%2Fs%2FXfmOpUwuI%2BJiVREKG7GDBjJa0znGiSKl1W3lRlsSp49OqG8qsJO2G1k1mS4dzCiE5SylUJGuLB3TB%2FERS41zX%2BY97JozxevRQ0%2BHn%2BeuitBOAJ5rmUy4UvrMwlXA%2Be%2BehxyRL%2BOZYvFPMIk7C8spO59Yj2yggPfYo10G5ZWAGlf8l5yH7HKsQliA29GWoVqnJ3ijXHi6Ua8lKPPIKTKe%2BrpMqgItqY5K9%2FhnQG%2FCj2ZtT04aiKFccbLIdQYum48VhKZ2NbyRFzdlxwOuInG3zuO%2FtXGi19rdHZj6L1%2BFOOevDzoW5Gw0cjLJB271%2F46jFKktdxM2SLFZzDqzztw1xxxoGTHCtHTF4IFvVMwto2Y0gY6mAGiTn%2BHYlsNfaVa4xjApmD34WgkQMVS7qAT5BOXPk2xYF%2Fn%2BhCiUMbMWeYfSPAlk3XgfsJLxZ38aimajMDKt%2FMNGm1PuaZ47LvskOEekelP2uRyIkae8XQ7Ns%2B2WiKXA6wuOlwYZge%2BkvJidicxWEQjHq%2BchQbO%2Birg7dXlXIWba8eY5gEO3%2FXLT1E54ZXILNOGRtPNEt3BMg%3D%3D&amp;Expires=1782977673\"><\/a><\/p>\n<p class=\"wp-block-paragraph\">This case shows how artificial intelligence can turn a theoretical browser risk into a genuine, working attack technique.<a href=\"https:\/\/ppl-ai-file-upload.s3.amazonaws.com\/web\/direct-files\/attachments\/11146061\/d477a41f-ef83-47b1-a200-4cf82af9b6c1\/Browser-Only-Ransomware-Abuses-Chrome-File-System-Access-API-to-Encrypt-Android-Photos.pdf?AWSAccessKeyId=ASIA2F3EMEYE72VZC2M6&amp;Signature=kUNoHh2zWe82nvFYL4L5U5WL3%2B0%3D&amp;x-amz-security-token=IQoJb3JpZ2luX2VjECcaCXVzLWVhc3QtMSJHMEUCIHD04rg%2BIkVS1rRgfcnvRGyUH8Fs%2Fdoz%2BJQbddZtFkoSAiEA7bCZK%2F%2FsOOfgITExN4J4xV%2F8RPN0DxxKOG2aovfw2ygq%2FAQI8P%2F%2F%2F%2F%2F%2F%2F%2F%2F%2FARABGgw2OTk3NTMzMDk3MDUiDJlow%2FTHUaMVc0D1gCrQBAF9kcfNWsHA1t7cSNS76KN5SsVoTYm8VE6nSGO76NUXYtt4qUP2%2BUHQ3PuZTwomH%2FWzWKBCk5vtrBFveveftqaWJmNwRAaclcjvHawtAEelewvuCE24Y3hM3T7U9Vs0w0UuFcHArgDzwe7ovhjZuU%2B68RAZvalcxTDTUbD%2B8y3tD69pA6iZcchiRg7CSmzxhHQT2pWZ1Ue4ayGQsbqMKyUaeGWa95%2FekGDsO7All0IrjkZKNOe6y9hefXFndRc2Oj6b%2Fdj%2BCw1uVpS%2FDqMRqOnlJ9UtbvPOpTFPoZ7XOIa2CiF0z3ePLbOFeCTO59lWhnKpgPE3E0WY77%2BcdVFhdA6myunWQumMhhNdMqI91c7YZs3iFTa8exyfm%2FZBj0Ud43fH1WdF5OKpvaKKdd3bgHPxFW%2B%2FoOicarqGf8LqyLV1sk%2Fs%2FXfmOpUwuI%2BJiVREKG7GDBjJa0znGiSKl1W3lRlsSp49OqG8qsJO2G1k1mS4dzCiE5SylUJGuLB3TB%2FERS41zX%2BY97JozxevRQ0%2BHn%2BeuitBOAJ5rmUy4UvrMwlXA%2Be%2BehxyRL%2BOZYvFPMIk7C8spO59Yj2yggPfYo10G5ZWAGlf8l5yH7HKsQliA29GWoVqnJ3ijXHi6Ua8lKPPIKTKe%2BrpMqgItqY5K9%2FhnQG%2FCj2ZtT04aiKFccbLIdQYum48VhKZ2NbyRFzdlxwOuInG3zuO%2FtXGi19rdHZj6L1%2BFOOevDzoW5Gw0cjLJB271%2F46jFKktdxM2SLFZzDqzztw1xxxoGTHCtHTF4IFvVMwto2Y0gY6mAGiTn%2BHYlsNfaVa4xjApmD34WgkQMVS7qAT5BOXPk2xYF%2Fn%2BhCiUMbMWeYfSPAlk3XgfsJLxZ38aimajMDKt%2FMNGm1PuaZ47LvskOEekelP2uRyIkae8XQ7Ns%2B2WiKXA6wuOlwYZge%2BkvJidicxWEQjHq%2BchQbO%2Birg7dXlXIWba8eY5gEO3%2FXLT1E54ZXILNOGRtPNEt3BMg%3D%3D&amp;Expires=1782977673\" target=\"_blank\" rel=\"noreferrer noopener\"><\/a><\/p>\n<p class=\"wp-block-paragraph\" id=\"h-indicators-of-compromise-iocs\"><strong>Indicators of Compromise (IoCs):-<\/strong><\/p>\n<figure class=\"wp-block-table\">\n<table class=\"has-fixed-layout\">\n<thead>\n<tr>\n<th class=\"has-text-align-left\" data-align=\"left\">Type<\/th>\n<th class=\"has-text-align-left\" data-align=\"left\">Indicator<\/th>\n<th class=\"has-text-align-left\" data-align=\"left\">Description<\/th>\n<\/tr>\n<\/thead>\n<tbody>\n<tr>\n<td>SHA256<\/td>\n<td>07c39f79ab92fb21557b82283472dce1c112f577d796111fb752c3c6d84c86b5<\/td>\n<td>Python Flask application implementing the AI-generated in-browser ransomware sample, dubbed InfernoGrabber\u00a0<a rel=\"noreferrer noopener\" target=\"_blank\" href=\"https:\/\/ppl-ai-file-upload.s3.amazonaws.com\/web\/direct-files\/attachments\/11146061\/d477a41f-ef83-47b1-a200-4cf82af9b6c1\/Browser-Only-Ransomware-Abuses-Chrome-File-System-Access-API-to-Encrypt-Android-Photos.pdf?AWSAccessKeyId=ASIA2F3EMEYE72VZC2M6&amp;Signature=kUNoHh2zWe82nvFYL4L5U5WL3%2B0%3D&amp;x-amz-security-token=IQoJb3JpZ2luX2VjECcaCXVzLWVhc3QtMSJHMEUCIHD04rg%2BIkVS1rRgfcnvRGyUH8Fs%2Fdoz%2BJQbddZtFkoSAiEA7bCZK%2F%2FsOOfgITExN4J4xV%2F8RPN0DxxKOG2aovfw2ygq%2FAQI8P%2F%2F%2F%2F%2F%2F%2F%2F%2F%2FARABGgw2OTk3NTMzMDk3MDUiDJlow%2FTHUaMVc0D1gCrQBAF9kcfNWsHA1t7cSNS76KN5SsVoTYm8VE6nSGO76NUXYtt4qUP2%2BUHQ3PuZTwomH%2FWzWKBCk5vtrBFveveftqaWJmNwRAaclcjvHawtAEelewvuCE24Y3hM3T7U9Vs0w0UuFcHArgDzwe7ovhjZuU%2B68RAZvalcxTDTUbD%2B8y3tD69pA6iZcchiRg7CSmzxhHQT2pWZ1Ue4ayGQsbqMKyUaeGWa95%2FekGDsO7All0IrjkZKNOe6y9hefXFndRc2Oj6b%2Fdj%2BCw1uVpS%2FDqMRqOnlJ9UtbvPOpTFPoZ7XOIa2CiF0z3ePLbOFeCTO59lWhnKpgPE3E0WY77%2BcdVFhdA6myunWQumMhhNdMqI91c7YZs3iFTa8exyfm%2FZBj0Ud43fH1WdF5OKpvaKKdd3bgHPxFW%2B%2FoOicarqGf8LqyLV1sk%2Fs%2FXfmOpUwuI%2BJiVREKG7GDBjJa0znGiSKl1W3lRlsSp49OqG8qsJO2G1k1mS4dzCiE5SylUJGuLB3TB%2FERS41zX%2BY97JozxevRQ0%2BHn%2BeuitBOAJ5rmUy4UvrMwlXA%2Be%2BehxyRL%2BOZYvFPMIk7C8spO59Yj2yggPfYo10G5ZWAGlf8l5yH7HKsQliA29GWoVqnJ3ijXHi6Ua8lKPPIKTKe%2BrpMqgItqY5K9%2FhnQG%2FCj2ZtT04aiKFccbLIdQYum48VhKZ2NbyRFzdlxwOuInG3zuO%2FtXGi19rdHZj6L1%2BFOOevDzoW5Gw0cjLJB271%2F46jFKktdxM2SLFZzDqzztw1xxxoGTHCtHTF4IFvVMwto2Y0gY6mAGiTn%2BHYlsNfaVa4xjApmD34WgkQMVS7qAT5BOXPk2xYF%2Fn%2BhCiUMbMWeYfSPAlk3XgfsJLxZ38aimajMDKt%2FMNGm1PuaZ47LvskOEekelP2uRyIkae8XQ7Ns%2B2WiKXA6wuOlwYZge%2BkvJidicxWEQjHq%2BchQbO%2Birg7dXlXIWba8eY5gEO3%2FXLT1E54ZXILNOGRtPNEt3BMg%3D%3D&amp;Expires=1782977673\"><\/a>\n<\/td>\n<\/tr>\n<tr>\n<td>Malware Name<\/td>\n<td>InfernoGrabber v9.0<\/td>\n<td>Ransom-note branding displayed on the victim-facing overlay after the fake photo processing step\u00a0<a rel=\"noreferrer noopener\" target=\"_blank\" href=\"https:\/\/ppl-ai-file-upload.s3.amazonaws.com\/web\/direct-files\/attachments\/11146061\/d477a41f-ef83-47b1-a200-4cf82af9b6c1\/Browser-Only-Ransomware-Abuses-Chrome-File-System-Access-API-to-Encrypt-Android-Photos.pdf?AWSAccessKeyId=ASIA2F3EMEYE72VZC2M6&amp;Signature=kUNoHh2zWe82nvFYL4L5U5WL3%2B0%3D&amp;x-amz-security-token=IQoJb3JpZ2luX2VjECcaCXVzLWVhc3QtMSJHMEUCIHD04rg%2BIkVS1rRgfcnvRGyUH8Fs%2Fdoz%2BJQbddZtFkoSAiEA7bCZK%2F%2FsOOfgITExN4J4xV%2F8RPN0DxxKOG2aovfw2ygq%2FAQI8P%2F%2F%2F%2F%2F%2F%2F%2F%2F%2FARABGgw2OTk3NTMzMDk3MDUiDJlow%2FTHUaMVc0D1gCrQBAF9kcfNWsHA1t7cSNS76KN5SsVoTYm8VE6nSGO76NUXYtt4qUP2%2BUHQ3PuZTwomH%2FWzWKBCk5vtrBFveveftqaWJmNwRAaclcjvHawtAEelewvuCE24Y3hM3T7U9Vs0w0UuFcHArgDzwe7ovhjZuU%2B68RAZvalcxTDTUbD%2B8y3tD69pA6iZcchiRg7CSmzxhHQT2pWZ1Ue4ayGQsbqMKyUaeGWa95%2FekGDsO7All0IrjkZKNOe6y9hefXFndRc2Oj6b%2Fdj%2BCw1uVpS%2FDqMRqOnlJ9UtbvPOpTFPoZ7XOIa2CiF0z3ePLbOFeCTO59lWhnKpgPE3E0WY77%2BcdVFhdA6myunWQumMhhNdMqI91c7YZs3iFTa8exyfm%2FZBj0Ud43fH1WdF5OKpvaKKdd3bgHPxFW%2B%2FoOicarqGf8LqyLV1sk%2Fs%2FXfmOpUwuI%2BJiVREKG7GDBjJa0znGiSKl1W3lRlsSp49OqG8qsJO2G1k1mS4dzCiE5SylUJGuLB3TB%2FERS41zX%2BY97JozxevRQ0%2BHn%2BeuitBOAJ5rmUy4UvrMwlXA%2Be%2BehxyRL%2BOZYvFPMIk7C8spO59Yj2yggPfYo10G5ZWAGlf8l5yH7HKsQliA29GWoVqnJ3ijXHi6Ua8lKPPIKTKe%2BrpMqgItqY5K9%2FhnQG%2FCj2ZtT04aiKFccbLIdQYum48VhKZ2NbyRFzdlxwOuInG3zuO%2FtXGi19rdHZj6L1%2BFOOevDzoW5Gw0cjLJB271%2F46jFKktdxM2SLFZzDqzztw1xxxoGTHCtHTF4IFvVMwto2Y0gY6mAGiTn%2BHYlsNfaVa4xjApmD34WgkQMVS7qAT5BOXPk2xYF%2Fn%2BhCiUMbMWeYfSPAlk3XgfsJLxZ38aimajMDKt%2FMNGm1PuaZ47LvskOEekelP2uRyIkae8XQ7Ns%2B2WiKXA6wuOlwYZge%2BkvJidicxWEQjHq%2BchQbO%2Birg7dXlXIWba8eY5gEO3%2FXLT1E54ZXILNOGRtPNEt3BMg%3D%3D&amp;Expires=1782977673\"><\/a>\n<\/td>\n<\/tr>\n<tr>\n<td>Lure Type<\/td>\n<td>Fake AI avatar\/photo upscaler web page<\/td>\n<td>Discord-themed phishing lure used to trick victims into granting File System Access permissions\u00a0<a rel=\"noreferrer noopener\" target=\"_blank\" href=\"https:\/\/ppl-ai-file-upload.s3.amazonaws.com\/web\/direct-files\/attachments\/11146061\/d477a41f-ef83-47b1-a200-4cf82af9b6c1\/Browser-Only-Ransomware-Abuses-Chrome-File-System-Access-API-to-Encrypt-Android-Photos.pdf?AWSAccessKeyId=ASIA2F3EMEYE72VZC2M6&amp;Signature=kUNoHh2zWe82nvFYL4L5U5WL3%2B0%3D&amp;x-amz-security-token=IQoJb3JpZ2luX2VjECcaCXVzLWVhc3QtMSJHMEUCIHD04rg%2BIkVS1rRgfcnvRGyUH8Fs%2Fdoz%2BJQbddZtFkoSAiEA7bCZK%2F%2FsOOfgITExN4J4xV%2F8RPN0DxxKOG2aovfw2ygq%2FAQI8P%2F%2F%2F%2F%2F%2F%2F%2F%2F%2FARABGgw2OTk3NTMzMDk3MDUiDJlow%2FTHUaMVc0D1gCrQBAF9kcfNWsHA1t7cSNS76KN5SsVoTYm8VE6nSGO76NUXYtt4qUP2%2BUHQ3PuZTwomH%2FWzWKBCk5vtrBFveveftqaWJmNwRAaclcjvHawtAEelewvuCE24Y3hM3T7U9Vs0w0UuFcHArgDzwe7ovhjZuU%2B68RAZvalcxTDTUbD%2B8y3tD69pA6iZcchiRg7CSmzxhHQT2pWZ1Ue4ayGQsbqMKyUaeGWa95%2FekGDsO7All0IrjkZKNOe6y9hefXFndRc2Oj6b%2Fdj%2BCw1uVpS%2FDqMRqOnlJ9UtbvPOpTFPoZ7XOIa2CiF0z3ePLbOFeCTO59lWhnKpgPE3E0WY77%2BcdVFhdA6myunWQumMhhNdMqI91c7YZs3iFTa8exyfm%2FZBj0Ud43fH1WdF5OKpvaKKdd3bgHPxFW%2B%2FoOicarqGf8LqyLV1sk%2Fs%2FXfmOpUwuI%2BJiVREKG7GDBjJa0znGiSKl1W3lRlsSp49OqG8qsJO2G1k1mS4dzCiE5SylUJGuLB3TB%2FERS41zX%2BY97JozxevRQ0%2BHn%2BeuitBOAJ5rmUy4UvrMwlXA%2Be%2BehxyRL%2BOZYvFPMIk7C8spO59Yj2yggPfYo10G5ZWAGlf8l5yH7HKsQliA29GWoVqnJ3ijXHi6Ua8lKPPIKTKe%2BrpMqgItqY5K9%2FhnQG%2FCj2ZtT04aiKFccbLIdQYum48VhKZ2NbyRFzdlxwOuInG3zuO%2FtXGi19rdHZj6L1%2BFOOevDzoW5Gw0cjLJB271%2F46jFKktdxM2SLFZzDqzztw1xxxoGTHCtHTF4IFvVMwto2Y0gY6mAGiTn%2BHYlsNfaVa4xjApmD34WgkQMVS7qAT5BOXPk2xYF%2Fn%2BhCiUMbMWeYfSPAlk3XgfsJLxZ38aimajMDKt%2FMNGm1PuaZ47LvskOEekelP2uRyIkae8XQ7Ns%2B2WiKXA6wuOlwYZge%2BkvJidicxWEQjHq%2BchQbO%2Birg7dXlXIWba8eY5gEO3%2FXLT1E54ZXILNOGRtPNEt3BMg%3D%3D&amp;Expires=1782977673\"><\/a>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/figure>\n<p class=\"wp-block-paragraph\"><strong>Note:<\/strong>\u00a0<em>IP addresses and domains are intentionally defanged (e.g.,\u00a0<\/em><code><em>[.]<\/em><\/code><em>) to prevent accidental resolution or hyperlinking. Re-fang only within controlled threat intelligence platforms such as MISP, VirusTotal, or your SIEM<\/em>.<\/p>\n<p class=\"has-text-align-center has-background wp-block-paragraph\" style=\"background:linear-gradient(180deg,rgb(238,238,238) 91%,rgb(169,184,195) 100%)\"><strong><strong>\u00a0Strengthen Your SOC by Accelerating Threat Detection &amp; Rapid Investigations.\u00a0-&gt;\u00a0<a href=\"https:\/\/any.run\/enterprise\/?utm_source=csn&amp;utm_medium=links&amp;utm_campaign=sandbox&amp;utm_content=enterprise&amp;utm_term=0626#contact-sales\" target=\"_blank\" rel=\"noreferrer noopener\">Integrate ANY.RUN With Your SOC\u00a0<\/a><strong><a href=\"https:\/\/any.run\/enterprise\/?utm_source=csn&amp;utm_medium=links&amp;utm_campaign=sandbox&amp;utm_content=enterprise&amp;utm_term=0626#contact-sales\" target=\"_blank\" rel=\"noreferrer noopener\">Now<\/a><\/strong>.<\/strong><\/strong><\/p>\n<p>The post <a href=\"https:\/\/cybersecuritynews.com\/browser-only-ransomware-abuses-chrome-file-system-access-api\/\">Browser-Only Ransomware Abuses Chrome File System Access API to Encrypt Android Photos<\/a> appeared first on <a href=\"https:\/\/cybersecuritynews.com\/\">Cyber Security News<\/a>.<\/p>\n<\/div>\n<p> \t<BR><br \/>\n <BR><\/BR><br \/>\n    Tushar Subhra Dutta<br \/>\n \t<BR><br \/>\n<BR><\/BR><br \/>\n<a href=\"https:\/\/cybersecuritynews.com\/browser-only-ransomware-abuses-chrome-file-system-access-api\/\">Go to cyber-security-news<\/a><br \/>\n \t<BR><br \/>\n <BR><\/BR><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Browser-Only Ransomware Abuses Chrome File System Access API to Encrypt Android Photos A new ransomware technique can now run entirely inside a web browser, with no app installation or root access required. It targets Android photo directories by abusing a legitimate Chrome feature meant for photo editing. The attack begins with something as simple as [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[129,63,649],"tags":[130],"class_list":["post-14025","post","type-post","status-publish","format-standard","hentry","category-cyber-security","category-cyber-security-news","category-threats","tag-cyber-security-news"],"_links":{"self":[{"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/posts\/14025"}],"collection":[{"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/comments?post=14025"}],"version-history":[{"count":0,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/posts\/14025\/revisions"}],"wp:attachment":[{"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/media?parent=14025"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/categories?post=14025"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/tags?post=14025"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}