{"id":284723,"date":"2026-07-01T15:57:00","date_gmt":"2026-07-01T19:57:00","guid":{"rendered":"https:\/\/news-you-need.com\/index.php\/2026\/07\/01\/somebody-told-deepseek-to-build-in-browser-ransomware-and-it-gleefully-complied\/"},"modified":"2026-07-01T21:25:20","modified_gmt":"2026-07-02T01:25:20","slug":"somebody-told-deepseek-to-build-in-browser-ransomware-and-it-gleefully-complied","status":"publish","type":"post","link":"https:\/\/news-you-need.com\/index.php\/2026\/07\/01\/somebody-told-deepseek-to-build-in-browser-ransomware-and-it-gleefully-complied\/","title":{"rendered":"Somebody told DeepSeek to build in-browser ransomware and it gleefully complied"},"content":{"rendered":"<p><a href=\"https:\/\/www.theregister.com\/security\/2026\/07\/01\/somebody-told-deepseek-to-build-in-browser-ransomware-and-it-gleefully-complied\/5265311\">Somebody told DeepSeek to build in-browser ransomware and it gleefully complied<\/a><\/p>\n<p><a href=\"https:\/\/www.theregister.com\/security\/2026\/07\/01\/somebody-told-deepseek-to-build-in-browser-ransomware-and-it-gleefully-complied\/5265311\">https:\/\/www.theregister.com\/security\/2026\/07\/01\/somebody-told-deepseek-to-build-in-browser-ransomware-and-it-gleefully-complied\/5265311<\/a><\/p>\n<p>Publish Date: <a href=\"publish_date]\">2026-07-01 15:57:00<\/a><\/p>\n<p>Source Domain: <a href=\"www.theregister.com\">www.theregister.com<\/a><\/p>\n<p>You can&#8217;t ask most models to help you make &#8220;ransomware&#8221; directly, but many will be more than willing if you give them the right prompt. DeepSeek and other LLMs with fewer safety and security controls make theoretical cyberthreats &#8211; like browser-only ransomware &#8211; much more likely to be used in real-world infections, according to Check Point researchers.<\/p>\n<p>The Israeli cybersecurity company analyzed a DeepSeek-generated sample in a Wednesday report that its threat hunters describe as in-browser ransomware.<\/p>\n<p>Over the past year, the team has tracked almost 3,000 files attributed to DeepSeek, and classified nearly half (1,383 files) as malicious or dangerous using VirusTotal or static source analysis.<\/p>\n<p>\u201cWithin this dataset, we found a sample that implemented a dangerous browser-native technique we have not observed exploited in the wild,\u201d researcher Alexey Bukhteyev wrote.\u00a0<\/p>\n<p>And while the sample was incomplete, and unable to pull off an in-the-wild infection, the security shop\u2019s testing showed \u201clittle effort\u201d would be required to make it attack-ready.<\/p>\n<p>\u201cOur research shows that the original incomplete DeepSeek sample can be transformed into a fully functional attack with minimal effort,\u201d Pedro Drimel Neto, malware analysis team leader at Check Point Research, told <span class=\"italic m-italic \" data-lab-italic=\"italic\">The Register<\/span>.\u00a0<\/p>\n<p>\u201cVery little effort is needed,\u201d Neto said. \u201cLow-level expertise is sufficient. You don&#8217;t need to be a sophisticated cybercriminal or advanced persistent threat group. In fact, we&#8217;ve already observed evidence of actual threat actors attempting this attack using straightforward LLM prompts.\u201d<\/p>\n<h3>Known threat gets an AI boost<\/h3>\n<p>The risk ransomware poses to browsers isn\u2019t a new idea. The File System Access specification lists ransomware as a security consideration, and a 2023 USENIX Security paper on Ransomware over Modern Web Browsers described how File System Access API could be abused to encrypt local files from a malicious web application.<\/p>\n<p>The File System Access API is a&#8230;<\/p>\n<p><a href=\"https:\/\/www.theregister.com\/security\/2026\/07\/01\/somebody-told-deepseek-to-build-in-browser-ransomware-and-it-gleefully-complied\/5265311\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Somebody told DeepSeek to build in-browser ransomware and it gleefully complied https:\/\/www.theregister.com\/security\/2026\/07\/01\/somebody-told-deepseek-to-build-in-browser-ransomware-and-it-gleefully-complied\/5265311 Publish Date: 2026-07-01&#8230;<\/p>\n","protected":false},"author":1,"featured_media":284724,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/image.theregister.com\/5265341.jpg?imageId=5265341&x=0&y=0&cropw=100&croph=100&panox=0&panoy=0&panow=100&panoh=100&width=1200&height=683","fifu_image_alt":"","footnotes":""},"categories":[15],"tags":[26,24,17,32],"class_list":["post-284723","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-ai","tag-cybersecurity","tag-llm","tag-malware"],"_links":{"self":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/284723"}],"collection":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=284723"}],"version-history":[{"count":1,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/284723\/revisions"}],"predecessor-version":[{"id":284725,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/284723\/revisions\/284725"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/284724"}],"wp:attachment":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=284723"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=284723"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=284723"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}