Jun 25, 2026 · 5 min read

Edgecution: Fake Edge Extension Installs Backdoor via Native Messaging

Researchers at Zscaler have documented a new attack chain in which threat actors impersonate IT support on Microsoft Teams, trick employees into installing a malicious Microsoft Edge extension, and then use a legitimate browser feature to escape the sandbox entirely and deploy a full backdoor on the host machine. The campaign has been linked to the Payouts Kings ransomware operation.

Key Takeaways

  • Edgecution is a malicious Microsoft Edge extension disguised as an "Edge Monitoring Agent" that is deployed via social engineering on Microsoft Teams.
  • It uses Chrome's Native Messaging API — a legitimate browser protocol for communicating with desktop applications — to launch a Python backdoor outside the browser sandbox.
  • The backdoor supports shell commands, PowerShell execution, arbitrary Python code, file writing, process enumeration, and system reconnaissance.
  • Attack packages arrive in ZIP archives with intentionally malformed headers designed to evade antivirus detection.
How Does the Edgecution Attack Work?

The attack begins with social engineering. Attackers impersonate IT support personnel on Microsoft Teams, directing targets to a fraudulent web page that presents a fake "Outlook Updates Management Console" download button. Victims who click receive a ZIP archive containing AutoHotkey, batch, or PowerShell scripts that install the malicious extension components.

Once installed, the Edge extension — presented as a routine monitoring agent — connects to attacker-controlled command-and-control servers and runs in a headless browser instance, making it invisible to casual inspection. The extension receives instructions from the C2 and communicates results back, but the most critical capability comes next: the sandbox escape.

What Is the Native Messaging Sandbox Escape?

Browser extensions are supposed to be sandboxed, meaning they can manipulate web pages and access browser APIs but cannot reach the underlying operating system. Chrome and Edge both support a feature called Native Messaging that is specifically designed to break this boundary: it allows a browser extension to communicate with a native desktop application via a structured message protocol.

Native Messaging is a legitimate feature. Password managers use it to fill credentials. System management tools use it to query hardware. Edgecution abuses it to relay commands from its C2 server, through the extension, to a Python-based backdoor running on the host machine, entirely outside the browser's restricted environment. The backdoor is not inside the browser. It is running as a normal Windows process with the privileges of the logged-in user.

From that position, the backdoor can execute shell commands, run PowerShell operations, write arbitrary files, enumerate running processes, and gather system information — a full remote access toolkit deployed through what started as a browser extension. Because the C2 traffic flows through the browser's trusted communication channel, network monitoring tools that trust browser traffic may not flag the activity.

How Does It Evade Detection?

The attack uses several evasion techniques. The initial ZIP archive has intentionally malformed headers — a technique that causes some antivirus engines to fail to parse the archive correctly and skip scanning its contents. The extension itself is presented as a routine IT tool, which reduces the likelihood of users or endpoint security teams flagging the installation request as suspicious.

The use of Native Messaging is particularly clever from an evasion standpoint: the protocol is used by legitimate software at scale, so blocking it outright would break real tools. Security teams that monitor for unusual process spawning may catch the Python backdoor, but teams relying solely on signature-based detection are less likely to identify the communication chain.

Who Is Behind Edgecution?

Zscaler researchers linked the campaign to the "Payouts Kings ransomware operation" through shared tactics, techniques, and infrastructure patterns consistent with initial access broker activity. Ransomware affiliates increasingly rely on initial access brokers — specialists who compromise networks and sell that access to ransomware operators. Edgecution appears to be an initial access operation: the goal is to establish a persistent backdoor, which can then be monetized by selling access to the compromised network or deploying ransomware directly.

What Can Organizations and Users Do?

Several defensive measures address different parts of this attack chain:

  • Restrict extension installation via policy: Enterprise environments can use browser management policies to limit which extensions users can install to a pre-approved allowlist. This eliminates the risk of a social-engineered extension installation.
  • Block or monitor Native Messaging manifests: Native Messaging applications require a JSON manifest file to be installed on the host. Monitoring for new manifest files or restricting which applications can register as Native Messaging hosts reduces the attack surface.
  • Train teams to verify IT requests out of band: The attack begins with a social engineering step on Teams. A policy of verifying unusual IT requests through a separate channel (a ticket system or a callback to a known number) breaks the first link in the chain.
  • Alert on headless browser processes: Edgecution runs Edge in headless mode, which is unusual outside of development or testing environments. Alerting on a headless browser instance spawned from an unexpected parent process can catch this pattern.
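The manifest check in the second bullet, and the Native Messaging mechanism described above, can be made concrete with a small audit routine. This is an added example, not code from Zscaler or the article: it takes the JSON text of a Native Messaging host manifest and flags the fields an auditor cares about (a `path` pointing at a script interpreter or outside program directories, and `allowed_origins` entries not on a corporate extension allowlist). The interpreter list, the allowlist and both sample manifests are constructed.

```python
import json
import re
from pathlib import PureWindowsPath

# Interpreters that should rarely be registered as a Native Messaging host: a manifest
# whose "path" points at one of them hands the extension arbitrary code execution
# (Edgecution's host was a Python backdoor). Constructed list; tune per environment.
INTERPRETERS = {"python.exe", "pythonw.exe", "powershell.exe", "pwsh.exe", "cmd.exe",
                "wscript.exe", "cscript.exe", "mshta.exe", "autohotkey.exe"}
TRUSTED_DIRS = ("C:\\Program Files\\", "C:\\Program Files (x86)\\")
# allowed_origins entries must look like chrome-extension://<32 chars a-p>/
ORIGIN_RE = re.compile(r"^chrome-extension://([a-p]{32})/$")

def audit_manifest(raw: str, approved_extensions: set) -> list:
    """Return findings for one Native Messaging host manifest (JSON text); [] means clean."""
    try:
        m = json.loads(raw)
    except json.JSONDecodeError as e:
        return [f"unparseable manifest: {e}"]
    findings = []
    if m.get("type") != "stdio":
        findings.append(f"unexpected type {m.get('type')!r}")
    path = m.get("path", "")
    exe = PureWindowsPath(path).name.lower()
    if exe in INTERPRETERS:
        findings.append(f"host is a script interpreter: {exe}")
    if not path.startswith(TRUSTED_DIRS):
        findings.append(f"host binary outside trusted directories: {path}")
    for origin in m.get("allowed_origins", []):
        match = ORIGIN_RE.match(origin)
        if not match:
            findings.append(f"malformed origin: {origin}")
        elif match.group(1) not in approved_extensions:
            findings.append(f"origin not on extension allowlist: {match.group(1)}")
    return findings

# Constructed sample manifests. On a live Windows host, the manifest paths to feed in
# are the values stored under HKCU/HKLM\Software\Microsoft\Edge\NativeMessagingHosts\<name>.
APPROVED = {"abcdefghijklmnopabcdefghijklmnop"}      # constructed corporate allowlist
BENIGN = r'''{"name": "com.example.pm", "description": "Password manager bridge",
 "path": "C:\\Program Files\\ExamplePM\\pm_host.exe", "type": "stdio",
 "allowed_origins": ["chrome-extension://abcdefghijklmnopabcdefghijklmnop/"]}'''
SUSPECT = r'''{"name": "com.edge.monitoring", "description": "Edge Monitoring Agent",
 "path": "C:\\Users\\jdoe\\AppData\\Local\\EdgeMonitor\\pythonw.exe", "type": "stdio",
 "allowed_origins": ["chrome-extension://ponmlkjihgfedcbaponmlkjihgfedcba/"]}'''

if __name__ == "__main__":
    for label, raw in (("benign", BENIGN), ("suspect", SUSPECT)):
        print(label, audit_manifest(raw, APPROVED) or ["clean"])
```

Run against every manifest registered on a fleet, the same routine turns the "monitor for new manifest files" advice into a concrete baseline: any host whose findings list is non-empty, or whose name was not present in the previous run, is worth a ticket.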

Browser extensions remain a significant attack surface because users install them casually and organizations rarely audit what is running in employee browsers. The Edgecution campaign is a reminder that an extension is not sandboxed from the operating system in the way users typically assume — it has a legitimate protocol to step out of the browser whenever it needs to. For a broader look at how malware reaches inboxes through unexpected vectors, see hackers hide malware inside real ChatGPT share links.

Sources: BleepingComputer — Malicious Edge Extension Abuses Native Messaging, Zscaler ThreatLabz research.