Per Bleeping Computer, researchers at Zscaler have identified a malicious Microsoft Edge extension, dubbed "Edgecution", that breaks out of the browser sandbox and deploys a Python-based backdoor used to stage ransomware attacks.

Edgecution abuses Chrome Native Messaging, the protocol that lets a browser extension exchange messages with a natively installed desktop application. The intrusion begins on Microsoft Teams, where the operators pose as IT support and direct employees to a fake page presented as a spam-filter update. That page delivers the malicious components, including the scripts that install Edgecution. Zscaler attributes the campaign to an initial access broker linked to the Payouts Kings ransomware operation.

The payload arrives as a malformed ZIP archive, crafted to evade security scanning, that bundles an embedded Python runtime, the components of a malicious Edge extension, and a native backdoor. The extension, disguised as an "Edge Monitoring Agent", connects to a command-and-control server. The sandbox bypass is not a browser exploit: native messaging is a sanctioned channel, and the extension uses it to hand operator commands to the Python backdoor, which runs outside the sandbox on the host itself, where it can execute shell commands, run PowerShell, or gather system information.

Source: Bleeping Computer
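How the channel Edgecution abuses actually works, and one way a defender can hunt for rogue native hosts, as an added example that is not code from Zscaler, Bleeping Computer or SC Media. Native messaging frames every message as a 32-bit length in native byte order followed by UTF-8 JSON over the host's stdin/stdout, and the browser learns which hosts exist from per-user manifests (on Windows, registry keys under HKCU\Software\Microsoft\Edge\NativeMessagingHosts for Edge and HKCU\Software\Google\Chrome\NativeMessagingHosts for Chrome, each pointing at a manifest JSON file). The Python below implements the framing, including the truncation and 1 MiB size checks a real host must enforce, and triages collected manifests against heuristics that are this editor's assumptions, not a published detection: a host whose executable is a script interpreter, lives outside Program Files, or is reachable from an extension not on an approved list gets flagged. The manifests, paths and extension IDs are constructed for the example and are not indicators from the report.

```python
"""Chrome/Edge native messaging: wire framing plus a manifest triage hunt.

Added illustration, not code from Zscaler, Bleeping Computer or SC Media.
All manifests, paths and extension IDs below are constructed for the example.
"""
import json
import struct

MAX_HOST_TO_EXT = 1024 * 1024  # Chrome caps host->extension messages at 1 MiB


def encode_message(obj) -> bytes:
    """Frame one message: 32-bit length in native byte order, then UTF-8 JSON."""
    body = json.dumps(obj, separators=(",", ":")).encode("utf-8")
    return struct.pack("=I", len(body)) + body


def decode_messages(stream: bytes) -> list:
    """Split a byte stream written by a native host back into JSON messages.

    Raises on a truncated frame or an oversized message, the two failure
    modes a real host must handle rather than silently mis-parse.
    """
    msgs, off = [], 0
    while off < len(stream):
        if len(stream) - off < 4:
            raise ValueError("truncated length header")
        (n,) = struct.unpack_from("=I", stream, off)
        off += 4
        if n > MAX_HOST_TO_EXT:
            raise ValueError(f"message of {n} bytes exceeds the 1 MiB limit")
        if len(stream) - off < n:
            raise ValueError("truncated message body")
        msgs.append(json.loads(stream[off:off + n].decode("utf-8")))
        off += n
    return msgs


def is_well_framed(stream: bytes) -> bool:
    """True if the stream parses cleanly; JSON and UTF-8 errors are ValueErrors."""
    try:
        decode_messages(stream)
        return True
    except ValueError:
        return False


# Triage heuristics (editor's assumptions): a legitimate native host is normally
# a vendor binary under Program Files and is reachable only from known extensions.
INTERPRETER_STEMS = {"python", "pythonw", "powershell", "pwsh", "cmd",
                     "wscript", "cscript", "mshta", "node"}
TRUSTED_DIR_PREFIXES = ("c:\\program files\\", "c:\\program files (x86)\\")


def triage_manifest(manifest: dict, approved_extension_ids: set) -> list:
    """Return findings for one native messaging host manifest (absolute paths assumed)."""
    findings = []
    path = manifest.get("path", "")
    exe = path.replace("/", "\\").rsplit("\\", 1)[-1].lower()
    stem = exe.rsplit(".", 1)[0] if "." in exe else exe
    if stem in INTERPRETER_STEMS:
        findings.append(f"host executable is a script interpreter: {exe}")
    if not path.lower().startswith(TRUSTED_DIR_PREFIXES):
        findings.append(f"host executable outside Program Files: {path}")
    if manifest.get("type") != "stdio":
        findings.append(f"unexpected host type: {manifest.get('type')!r}")
    for origin in manifest.get("allowed_origins", []):
        ext_id = origin.removeprefix("chrome-extension://").rstrip("/")
        if ext_id not in approved_extension_ids:
            findings.append(f"unapproved extension may reach this host: {ext_id}")
    return findings


APPROVED_EXTENSIONS = {"abcdefghijklmnopabcdefghijklmnop"}  # constructed ID

BENIGN_MANIFEST = {  # constructed: vendor binary, approved extension only
    "name": "com.example.vault_host",
    "description": "Example password manager helper",
    "path": "C:\\Program Files\\ExampleVault\\vault_host.exe",
    "type": "stdio",
    "allowed_origins": ["chrome-extension://abcdefghijklmnopabcdefghijklmnop/"],
}

SUSPICIOUS_MANIFEST = {  # constructed to mirror the pattern described above
    "name": "com.example.monitoring_agent",
    "description": "Monitoring agent helper (constructed sample)",
    "path": "C:\\Users\\alice\\AppData\\Local\\EdgeMonitor\\python.exe",
    "type": "stdio",
    "allowed_origins": ["chrome-extension://ponmlkjihgfedcbaponmlkjihgfedcba/"],
}

if __name__ == "__main__":
    # Round-trip the kind of exchange described above: the extension asks the
    # host to run a command, the host answers with output. Payloads are made up.
    wire = encode_message({"cmd": "whoami"}) + encode_message({"stdout": "corp\\alice"})
    print(decode_messages(wire))
    for m in (BENIGN_MANIFEST, SUSPICIOUS_MANIFEST):
        print(m["name"], triage_manifest(m, APPROVED_EXTENSIONS) or ["clean"])
```

In a real hunt, enumerate the NativeMessagingHosts registry keys (HKCU and HKLM) on each endpoint, read the manifest each key points to, and feed it to `triage_manifest`; a host path ending in an embedded interpreter under a user-writable directory is exactly the shape an extension-plus-Python-backdoor pairing takes, and it is visible long before any command is run.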