Check Point Research identified a DeepSeek-attributed malicious Python Flask sample that transforms a theoretical browser ransomware risk into a practical attack using the File System Access API. The sample, disguised as a Discord avatar AI upscaler named InfernoGrabber v9.0, leverages social engineering to trick users into granting folder-level file access via browser permission prompts. Once access is granted, the web page can enumerate, read, exfiltrate, and encrypt files in the selected directory — all without installing a native payload or exploiting a browser vulnerability. The technique is particularly dangerous on Android where Chrome 132+ exposes the File System Access API to web content, allowing access to high-value photo directories including DCIM.