What happened
A malicious Microsoft Edge extension dubbed Edgecution has been used in a ransomware-linked attack to step outside the browser sandbox, by way of the browser's own Native Messaging API rather than an exploit, and deploy a Python-based backdoor on compromised Windows systems.
The attack begins with the threat actor posing as IT support personnel on Microsoft Teams. Victims are directed to a fraudulent Microsoft-themed page under the pretense of installing a spam filter update or managing Outlook updates.
The fake Microsoft “Outlook Updates Management Console” presents download buttons for update packs or software verification. Instead of legitimate updates, the buttons deliver malicious components, copy commands to the clipboard, or launch forms asking for Microsoft 365 and Outlook passwords.
Researchers at Zscaler said the malware can be deployed through an AutoHotkey script, a Windows batch script, or a PowerShell script. When executed, the scripts set up the environment, repair the deliberately malformed ZIP headers, extract the malware files, and create a scheduled task that launches Microsoft Edge.
The malware components are downloaded from the fake Microsoft update site in a ZIP archive with malformed headers, a technique designed to prevent security products from recognizing the file as a valid archive.
The ZIP file contains an embedded Python 3.13.3 runtime and two directories named extension and native. The extension directory contains the malicious Microsoft Edge extension, disguised as an Edge Monitoring Agent. The native directory contains the components needed to bridge browser extension activity to host-level malware execution.
The Edgecution malware runs inside a headless Microsoft Edge browser, making it invisible to the user. The malicious extension connects to the attacker’s command-and-control server, receives commands, and sends execution results back to the operator.
Because browser extensions are confined by the browser sandbox, the attacker uses the Chromium Native Messaging API, which Edge supports, to talk to a local native application. A native messaging host is an ordinary executable registered through a registry key (under Software\Microsoft\Edge\NativeMessagingHosts for Edge) that points to a JSON manifest; the browser launches it as a separate process outside the sandbox and exchanges length-prefixed JSON messages with it over stdin and stdout. Here that native application is a Python-based backdoor that acts as the host-level executor.
The Python backdoor can execute shell commands, run PowerShell, run arbitrary Python code, write files to the host, enumerate running processes, and collect system information.
Researchers believe Edgecution is being deployed by an initial access broker connected to the Payouts Kings ransomware operation. They also warned that both malware components include unused commands that could be activated in future versions.
Who is affected
Organizations running Microsoft Edge on Windows are affected if employees are socially engineered into installing the malicious components from the fake Microsoft update page.
The attack is especially relevant to enterprises where users trust Microsoft Teams messages, internal IT support requests, Outlook update prompts, or browser-based update instructions.
Organizations targeted by ransomware access brokers are also at risk because the campaign appears connected to an initial access broker linked to Payouts Kings ransomware activity.
Endpoints where Microsoft Edge launches headlessly, unfamiliar Edge extensions appear, or Native Messaging host registrations (registry keys under Software\Microsoft\Edge\NativeMessagingHosts pointing at a JSON manifest) are created unexpectedly should be treated as suspicious.
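The Native Messaging bridge described above, and the three endpoint artifacts this section flags as suspicious, can be checked with a single hunting script. The script below is an added example written for this page; it is not code from the Zscaler report or from the campaign. Its "suspicious" heuristics (interpreters or user-writable directories as the host binary, the --load-extension flag) are assumptions chosen here, not published Edgecution indicators.

```powershell
# Added hunting script (not from the Zscaler report): surfaces native messaging
# host registrations, headless Edge launches, Edge-launching scheduled tasks and
# stray Python runtimes on a Windows endpoint. Run elevated so HKLM, other
# users' tasks and all processes are visible.

# Chromium-based browsers look up native messaging hosts under these keys.
# Each subkey is a host name; its default value is the path to a JSON manifest
# whose "path" field names the binary the browser will spawn outside the sandbox.
$nmhRoots = @(
    'HKCU:\SOFTWARE\Microsoft\Edge\NativeMessagingHosts',
    'HKLM:\SOFTWARE\Microsoft\Edge\NativeMessagingHosts',
    'HKCU:\SOFTWARE\Google\Chrome\NativeMessagingHosts',
    'HKLM:\SOFTWARE\Google\Chrome\NativeMessagingHosts'
)

# Assumed heuristic: interpreters or user-writable locations are rare for
# legitimate hosts; a Python backdoor in a user directory matches both.
$suspiciousHostPattern = 'python|pwsh|powershell|cmd\.exe|wscript|cscript|\\Users\\|\\Temp\\|\\ProgramData\\'

function Get-NativeMessagingHosts {
    foreach ($root in $nmhRoots) {
        if (-not (Test-Path $root)) { continue }
        foreach ($key in Get-ChildItem -Path $root) {
            $manifestPath = (Get-ItemProperty -Path $key.PSPath).'(default)'
            $manifest = $null
            if ($manifestPath -and (Test-Path -LiteralPath $manifestPath)) {
                try { $manifest = Get-Content -LiteralPath $manifestPath -Raw | ConvertFrom-Json } catch { }
            }
            $binary = $manifest.path
            # A relative "path" is resolved against the manifest's directory.
            if ($binary -and -not [System.IO.Path]::IsPathRooted($binary)) {
                $binary = Join-Path (Split-Path -Parent $manifestPath) $binary
            }
            [pscustomobject]@{
                Registration = "$root\$($key.PSChildName)"
                Manifest     = $manifestPath
                Binary       = $binary
                AllowedFrom  = ($manifest.allowed_origins -join ';')   # extension IDs permitted to talk to it
                Suspicious   = [bool]($binary -match $suspiciousHostPattern)
            }
        }
    }
}

function Get-SuspiciousEdgeProcesses {
    # Headless Edge is invisible to the user; --load-extension is the usual way to
    # load an unpacked extension from a directory (assumed indicator, not from the report).
    Get-CimInstance -ClassName Win32_Process -Filter "Name = 'msedge.exe'" |
        Where-Object { $_.CommandLine -match '--headless|--load-extension' } |
        Select-Object ProcessId, ParentProcessId, CommandLine
}

function Get-EdgeLaunchingTasks {
    # The loader persists by creating a scheduled task that starts Edge.
    foreach ($task in Get-ScheduledTask -ErrorAction SilentlyContinue) {
        foreach ($action in $task.Actions) {
            $cmd = "$($action.Execute) $($action.Arguments)"
            if ($cmd -match 'msedge|--headless|--load-extension') {
                [pscustomobject]@{
                    Task    = "$($task.TaskPath)$($task.TaskName)"
                    Author  = $task.Author
                    Command = $cmd.Trim()
                }
            }
        }
    }
}

function Get-StrayPythonRuntimes {
    # The archive ships its own Python 3.13 runtime; python.exe under user or temp
    # paths outside the per-user installer location deserves a look.
    $roots = @($env:USERPROFILE, $env:ProgramData, $env:TEMP) | Where-Object { $_ -and (Test-Path $_) }
    Get-ChildItem -Path $roots -Filter 'python*.exe' -File -Recurse -Depth 6 -ErrorAction SilentlyContinue |
        Where-Object { $_.FullName -notmatch '\\AppData\\Local\\Programs\\Python\\|\\Microsoft\\WindowsApps\\' } |
        Select-Object FullName, LastWriteTime
}

'== Native messaging hosts (Suspicious = interpreter or user-writable binary) =='
Get-NativeMessagingHosts | Format-Table -AutoSize
'== Headless / extension-loading Edge processes =='
Get-SuspiciousEdgeProcesses | Format-Table -AutoSize -Wrap
'== Scheduled tasks that launch Edge =='
Get-EdgeLaunchingTasks | Format-Table -AutoSize -Wrap
'== python.exe outside standard install locations =='
Get-StrayPythonRuntimes | Format-Table -AutoSize
```

Treat the output as leads, not verdicts: legitimate native messaging hosts (password managers, conferencing clients, EDR agents) are common, so compare the Binary and AllowedFrom columns against a known-good baseline from a clean build. The registry and manifest walk is the same path the browser itself takes, which is why an entry under HKCU written by a non-admin user is enough for the bridge to work.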
Why CISOs should care
This campaign shows how browser extensions can become a bridge to host compromise when paired with Native Messaging. The malicious extension alone is limited by the browser sandbox, but the attacker bypasses that boundary by connecting it to a local Python backdoor.
For CISOs, the Microsoft Teams social engineering angle is especially important. The attacker poses as IT support and directs employees to a fake Microsoft update workflow, which can look plausible in environments where users are accustomed to software updates, spam filter changes, and Outlook-related troubleshooting.
The use of headless Edge also makes the attack harder for users to notice. Once the malware runs invisibly, the extension can receive commands from the attacker and relay them to the Python backdoor for execution on the host.
The campaign also reinforces the need to treat browser extension governance as part of endpoint security. Extensions are not just user productivity tools. In this case, a malicious extension, native messaging host, and scheduled task combine into a persistence and command execution mechanism.
3 practical actions
- Restrict browser extensions and Native Messaging hosts: Edgecution abuses a malicious Microsoft Edge extension and the Native Messaging API to reach a Python backdoor. CISOs should enforce extension allowlists, block unapproved extension installation, and restrict native messaging hosts through browser policy (Edge exposes extension and native messaging allowlist/blocklist policies, and a policy to refuse hosts registered per user rather than machine-wide).
- Train users to reject Teams-based “IT support” update prompts: The attack starts with threat actors posing as IT support on Microsoft Teams and sending victims to fake Microsoft update pages. Security teams should warn employees that legitimate IT updates should not require visiting unfamiliar pages, pasting commands, or entering Microsoft 365 passwords into unexpected forms.
- Hunt for headless Edge and unusual Python execution: The malware runs in a headless Edge browser and uses an embedded Python runtime as the host-level executor. Defenders should review scheduled tasks, headless browser launches, unexpected Python directories, malformed ZIP extraction activity, and commands executed through Edge-linked processes.
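The first action above, expressed as the Edge policy registry values it maps to. This is an added example for this page, not configuration from the article or from Microsoft; the extension ID and host name are placeholders to be replaced with an organization's own approved values. The policy names are Microsoft Edge's documented group-policy names; the registry layout (numbered string values under a per-policy key) is how Edge reads list policies.

```powershell
# Added example: Edge policy registry values that block unapproved extensions
# and unapproved native messaging hosts. Machine-wide policies live under
# HKLM:\SOFTWARE\Policies\Microsoft\Edge; run elevated. Values below are
# placeholders, not identifiers from the campaign.

$edgePolicy          = 'HKLM:\SOFTWARE\Policies\Microsoft\Edge'
$approvedExtensions  = @('aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa')   # placeholder 32-char extension ID
$approvedNativeHosts = @('com.example.approved_host')          # placeholder native messaging host name

function Set-EdgeListPolicy {
    # List policies are stored as string values named 1..n under a key named
    # after the policy; rebuild the key so stale entries do not linger.
    param([string]$Name, [string[]]$Values)
    $key = Join-Path $edgePolicy $Name
    if (Test-Path $key) { Remove-Item -Path $key -Recurse -Force }
    New-Item -Path $key -Force | Out-Null
    $i = 1
    foreach ($v in $Values) {
        New-ItemProperty -Path $key -Name $i -Value $v -PropertyType String -Force | Out-Null
        $i++
    }
}

New-Item -Path $edgePolicy -Force | Out-Null

# Deny by default: block every extension, then allow only the approved IDs.
Set-EdgeListPolicy -Name 'ExtensionInstallBlocklist' -Values @('*')
Set-EdgeListPolicy -Name 'ExtensionInstallAllowlist' -Values $approvedExtensions

# Same pattern for native messaging hosts. NativeMessagingUserLevelHosts = 0 also
# refuses hosts registered under HKCU, which is where a non-admin user (or malware
# running as that user) can register one without touching HKLM.
Set-EdgeListPolicy -Name 'NativeMessagingBlocklist' -Values @('*')
Set-EdgeListPolicy -Name 'NativeMessagingAllowlist' -Values $approvedNativeHosts
New-ItemProperty -Path $edgePolicy -Name 'NativeMessagingUserLevelHosts' -Value 0 -PropertyType DWord -Force | Out-Null

# Show the resulting policy tree; Edge picks it up at the next policy refresh.
Get-ItemProperty -Path $edgePolicy | Select-Object NativeMessagingUserLevelHosts
Get-ChildItem -Path $edgePolicy | ForEach-Object {
    [pscustomobject]@{ Policy = $_.PSChildName; Values = ((Get-ItemProperty $_.PSPath).PSObject.Properties |
        Where-Object { $_.Name -match '^\d+$' } | ForEach-Object { $_.Value }) -join ', ' }
}
```

After applying, confirm the policies show as active in edge://policy (some Edge policies are honored only on domain-joined or MDM-managed devices, so check rather than assume) and test on a pilot machine that an unpacked extension loaded from a directory is also refused in the Edge version deployed, since that is the loading path a scheduled-task-launched headless Edge would most plausibly use. Roll the same allowlists out through Intune or Group Policy rather than hand-editing registry values in production.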
John Kevin Hao is a news and feature writer covering cybersecurity, technology, and business targeted for professional audiences.

