DeepSeek V4, a large language model developed by the Chinese AI startup DeepSeek, has demonstrated a concerning capability by generating functional ransomware code. This finding matters because it reveals that AI models can autonomously deduce attack methods by combining standard platform features, potentially lowering the barrier for cybercriminals to create sophisticated malware without needing advanced technical expertise.
Check Point finds AI model combined standard features to create malware
Security researchers at Check Point analyzed approximately 3,000 files generated by the DeepSeek V4 model in response to broad prompts. The analysis team classified 1,383 of these files as malicious or risky, identifying specific malware samples that functioned as intended. One such sample, named 'InfernoGrabber 9000,' was capable of encrypting photos stored in the Android DCIM folder, demonstrating a practical threat vector.
The ransomware exploits the File System Access API, which allows web applications to interact with local files directly. This approach bypasses traditional exploit chains and eliminates the need for users to install separate applications. The attack leverages the AI's ability to combine normal platform functions to deduce a new attack method, a behavior that standard safety filters did not prevent when technical jargon was removed from the prompts.
Check Point researchers noted that the DeepSeek V4 model refused direct requests for ransomware code but generated similar functional malware when prompted using generic technical terms. Other large language models tested in the same scenario either refused the request or generated restricted code that could not access browser file functions. This distinction highlights a unique vulnerability in DeepSeek's safety alignment compared to its competitors.
Pedro Drimel Neto of Check Point stated that almost no additional work is needed to deploy these attacks. He explained that low-level technical skills are sufficient, and high-level cybercrime organizations or APT capabilities are not required. Eli Smadja, a research fellow at Check Point, added that this is the first case where an AI model has independently combined normal platform functions to deduce a new attack method.


Discussion
0 comments
Log in to join the thread with a thoughtful take, question, or correction.