Source URL: www.bleepingcomputer.com/news/secu…

BleepingComputer reports that a malicious Microsoft Edge extension called Edgecution has been used in a ransomware-linked intrusion to escape normal browser-extension constraints and deploy a Python-based backdoor. The attack begins with social engineering over Microsoft Teams: attackers impersonate IT support and direct employees to a fake Microsoft update page that delivers scripts, malicious extension components and credential-harvesting prompts. Edgecution abuses Chrome Native Messaging to bridge from the browser extension to a host-level native application, which gives it shell command execution, PowerShell execution, arbitrary Python code execution, file writes, process enumeration and system-information collection. That bridge is why browser-extension governance and native-messaging host controls are important enterprise hardening priorities.
Malicious Edge extension abuses Native Messaging as bridge to malware
Edward Kiledjian
@ekiledjian
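The hardening point above is that a Native Messaging host manifest is what lets an extension reach a host-level program, so auditing those registrations is a concrete defender control. The script below is an added example, not code from the BleepingComputer article or from the Edgecution sample: it parses Native Messaging host manifests (the real JSON format Chrome and Edge use, with `path`, `type` and `allowed_origins`) and flags hosts whose origin is not on an assumed extension allowlist, whose binary lives outside an assumed trusted install root, or whose target is a script or interpreter rather than a compiled application. The extension IDs, paths and policy constants are constructed placeholders; `discover_manifest_paths` uses the real registry keys (Windows) and per-user directories (Linux) where browsers look up these manifests.

```python
"""Audit Chrome/Edge Native Messaging host manifests for risky registrations.

Added example (not from the article or the Edgecution sample). Sample
manifests and the allowlist below are constructed for illustration.
"""
import json
import sys
from pathlib import Path, PureWindowsPath

# Assumed policy: extension IDs approved to talk to native hosts (placeholder IDs).
APPROVED_EXTENSION_IDS = {"aaaabbbbccccddddeeeeffffgggghhhh"}

# Assumed policy: legitimate native hosts are installed under managed roots.
TRUSTED_PATH_PREFIXES = (
    PureWindowsPath(r"C:\Program Files"),
    PureWindowsPath(r"C:\Program Files (x86)"),
)

# Heuristic (assumption): a host that is an interpreter or a script is a generic
# command runner, which is the pattern a backdoor needs, not a purpose-built app.
SCRIPT_LIKE_NAMES = {"python.exe", "pythonw.exe", "powershell.exe", "pwsh.exe",
                     "cmd.exe", "wscript.exe", "cscript.exe"}
SCRIPT_LIKE_SUFFIXES = {".py", ".ps1", ".bat", ".cmd", ".vbs", ".js"}

ORIGIN_PREFIX = "chrome-extension://"


def _under_trusted_prefix(path: PureWindowsPath) -> bool:
    """Case-insensitive check that path starts with one of the trusted roots."""
    parts = [p.lower() for p in path.parts]
    for prefix in TRUSTED_PATH_PREFIXES:
        want = [p.lower() for p in prefix.parts]
        if parts[:len(want)] == want:
            return True
    return False


def audit_manifest(manifest_text: str) -> list[str]:
    """Return a list of findings for one manifest; an empty list means no concern."""
    findings = []
    try:
        m = json.loads(manifest_text)
    except json.JSONDecodeError:
        return ["manifest is not valid JSON"]

    if m.get("type") != "stdio":
        findings.append(f"unexpected type {m.get('type')!r} (expected 'stdio')")

    origins = m.get("allowed_origins") or []
    if not origins:
        findings.append("no allowed_origins declared")
    for origin in origins:
        ext_id = origin[len(ORIGIN_PREFIX):] if origin.startswith(ORIGIN_PREFIX) else origin
        ext_id = ext_id.rstrip("/")
        if ext_id not in APPROVED_EXTENSION_IDS:
            findings.append(f"unapproved extension origin {ext_id}")

    raw_path = m.get("path", "")
    if not raw_path:
        findings.append("manifest has no path")
    else:
        path = PureWindowsPath(raw_path)
        if not _under_trusted_prefix(path):
            findings.append(f"host binary outside trusted install roots: {raw_path}")
        if path.name.lower() in SCRIPT_LIKE_NAMES or path.suffix.lower() in SCRIPT_LIKE_SUFFIXES:
            findings.append(f"host is a script or interpreter, not a compiled application: {path.name}")
    return findings


def discover_manifest_paths() -> list[str]:
    """Locate manifests on the running system (Windows registry, Linux config dirs).

    On Windows each subkey under the NativeMessagingHosts keys stores the manifest
    path as its default value. macOS uses a different per-user directory and is
    not covered here.
    """
    paths = []
    if sys.platform == "win32":
        import winreg
        for root in (winreg.HKEY_CURRENT_USER, winreg.HKEY_LOCAL_MACHINE):
            for sub in (r"Software\Microsoft\Edge\NativeMessagingHosts",
                        r"Software\Google\Chrome\NativeMessagingHosts"):
                try:
                    key = winreg.OpenKey(root, sub)
                except OSError:
                    continue
                i = 0
                while True:
                    try:
                        host = winreg.EnumKey(key, i)
                    except OSError:
                        break
                    i += 1
                    with winreg.OpenKey(key, host) as hk:
                        paths.append(winreg.QueryValue(hk, None))
    else:
        for d in (".config/microsoft-edge/NativeMessagingHosts",
                  ".config/google-chrome/NativeMessagingHosts"):
            paths.extend(str(p) for p in (Path.home() / d).glob("*.json"))
    return paths


# Constructed sample manifests: one benign vendor host, one that matches the
# extension-to-interpreter bridge pattern described in the article.
BENIGN_MANIFEST = json.dumps({
    "name": "com.example.vendorhost", "description": "Example vendor host",
    "path": r"C:\Program Files\ExampleVendor\vendor_host.exe", "type": "stdio",
    "allowed_origins": ["chrome-extension://aaaabbbbccccddddeeeeffffgggghhhh/"],
})
SUSPICIOUS_MANIFEST = json.dumps({
    "name": "com.example.msupdate", "description": "update helper",
    "path": r"C:\Users\alice\AppData\Local\Temp\msupdate\run.bat", "type": "stdio",
    "allowed_origins": ["chrome-extension://ppppoooonnnnmmmmllllkkkkjjjjiiii/"],
})

if __name__ == "__main__":
    for label, text in (("benign", BENIGN_MANIFEST), ("suspicious", SUSPICIOUS_MANIFEST)):
        print(label, audit_manifest(text) or "no findings")
    for p in discover_manifest_paths():
        print(p, audit_manifest(Path(p).read_text(encoding="utf-8")) or "no findings")
```

Run as-is it audits the two constructed manifests and then any manifests registered for the current user and machine; feeding the findings into an inventory or SIEM turns the allowlist and trusted-root policy into a recurring check rather than a one-off review.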