AI-Generated Ransomware Abuses Chromium API
Cybersecurity researchers have identified a novel ransomware technique that leverages AI-generated code to exploit the Chromium API on both Windows and Android devices. This malware, created using the DeepSeek AI model, effectively transforms a web browser into a ransomware delivery system. The technique combines previously theoretical browser-malware concepts with actual browser functionalities to achieve its malicious objective.
Researchers from the cybersecurity firm Palo Alto Networks detailed in a blog post on May 21, 2024, that the malware, dubbed "R.A.I.D. Ransomware," runs entirely within the browser environment. This approach bypasses traditional security measures that typically focus on standalone executable files. The AI model was prompted with "unrealistic browser-malware concepts with a real browser capability," leading to the development of this sophisticated attack vector.
This marks the first documented instance where a frontier AI model has been used to generate such a functional and integrated ransomware attack. The malware's ability to operate cross-platform on Windows and Android significantly expands its potential reach. The researchers highlighted that the AI's capability to bridge conceptual malware ideas with practical browser functions is a significant development in the cybersecurity landscape, posing new challenges for defense strategies.
Palo Alto Networks emphasized that the AI-generated nature of the ransomware makes it particularly concerning, as it could potentially lead to more rapid development and deployment of novel malware strains. The firm's Unit 42 research team is continuing to monitor and analyze this threat, providing insights into its mechanisms and potential mitigation strategies for affected users and organizations.
Original source: The Hacker News