PROBABLYPWNED
Malware · June 25, 2026 · 4 min read

Edgecution Malware Escapes Browser Sandbox via Native Messaging

A malicious Edge extension abuses Chrome's Native Messaging protocol to deploy a Python backdoor with full system access, linked to Payouts King ransomware operations.

James Rivera

Browser extensions are supposed to be sandboxed. Edgecution demonstrates how attackers can escape that sandbox entirely, turning a browser add-on into a full system backdoor.

TL;DR

  • What happened: Zscaler ThreatLabz discovered "Edgecution," a malicious Edge extension using Native Messaging to deploy a Python-based backdoor
  • Attack vector: Social engineering via Microsoft Teams, fake Outlook update portals
  • Ransomware connection: Linked to Payouts King ransomware operations through an initial access broker

The Sandbox Escape

Browser extensions operate within a security sandbox that restricts their access to the underlying operating system. But Chrome and Edge support a feature called Native Messaging that allows extensions to communicate with locally installed applications—and Zscaler's research shows how attackers weaponize that bridge.

Edgecution consists of two components. The first is a malicious Edge extension disguised as an "Edge Monitoring Agent" that runs in a headless, invisible browser instance. The second is a Python-based backdoor serving as the local executor, communicating with the extension via Native Messaging.
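To make that bridge concrete, the following is an added example (not code from the page, from Zscaler, or from the Edgecution sample) of the Native Messaging wire format both Chrome and Edge use: each message is a 32-bit length prefix in native byte order followed by UTF-8 JSON, and a host may send at most 1 MB per message back to the browser. The `handle` function, its `ping` command and `serve_buffer` are hypothetical; the point they illustrate is that the protocol itself places no limit on what the host process does once a message arrives.

```python
import io
import json
import struct
import sys

# Wire format from Chrome's public extension documentation: a 4-byte length in the
# host's native byte order, then that many bytes of UTF-8 JSON. The browser rejects
# host-to-browser messages above 1 MB; the encoder below mirrors that limit.
MAX_HOST_TO_BROWSER = 1024 * 1024


def frame_message(obj) -> bytes:
    """Serialise obj as one frame: 4-byte length prefix + compact JSON."""
    payload = json.dumps(obj, separators=(",", ":")).encode("utf-8")
    if len(payload) > MAX_HOST_TO_BROWSER:
        raise ValueError(f"{len(payload)}-byte message exceeds the 1 MB host-to-browser limit")
    return struct.pack("=I", len(payload)) + payload


def read_message(stream):
    """Read one frame from a binary stream; returns None on a clean EOF."""
    header = stream.read(4)
    if not header:
        return None
    if len(header) < 4:
        raise EOFError("truncated length prefix")
    (length,) = struct.unpack("=I", header)
    payload = stream.read(length)
    if len(payload) != length:
        raise EOFError(f"expected {length} payload bytes, got {len(payload)}")
    return json.loads(payload.decode("utf-8"))


def decode_frames(data: bytes) -> list:
    """Split a buffer of consecutive frames into the JSON objects it carries."""
    stream = io.BytesIO(data)
    messages = []
    while (msg := read_message(stream)) is not None:
        messages.append(msg)
    return messages


def handle(msg: dict) -> dict:
    """Hypothetical host logic: answer a harmless 'ping' and refuse everything else.
    Nothing in the protocol constrains this function; the host is an ordinary process
    running with the user's privileges, which is the bridge Edgecution abuses."""
    if msg.get("cmd") == "ping":
        return {"ok": True, "reply": "pong"}
    return {"ok": False, "error": f"unsupported command {msg.get('cmd')!r}"}


def serve(stdin=None, stdout=None) -> int:
    """The loop a native host runs: read a request, answer it, until the browser closes the pipe."""
    stdin = stdin or sys.stdin.buffer
    stdout = stdout or sys.stdout.buffer
    handled = 0
    while (request := read_message(stdin)) is not None:
        stdout.write(frame_message(handle(request)))
        stdout.flush()
        handled += 1
    return handled


def serve_buffer(data: bytes) -> list:
    """Replay a captured request buffer through serve() offline and return the replies."""
    out = io.BytesIO()
    serve(io.BytesIO(data), out)
    return decode_frames(out.getvalue())


if __name__ == "__main__":
    serve()
```

A real host is launched by the browser with its stdin/stdout connected to the extension, so `serve()` with no arguments is the production shape; `serve_buffer` exists only so the framing can be exercised without a browser.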

The extension itself has limited capabilities within the browser sandbox. But once it establishes communication with the Python component, attackers gain:

  • Shell command execution
  • PowerShell operation support
  • Arbitrary Python code execution
  • File writing capabilities
  • Process enumeration
  • System information gathering

Some commands appear unused in current variants—suggesting room for future capability expansion.

The Delivery Chain

The attack begins with social engineering. Attackers pose as IT support personnel on Microsoft Teams, directing employees to fraudulent pages mimicking Microsoft's "Outlook Updates Management Console." These fake portals offer update packages via AutoHotKey, batch, or PowerShell scripts.

The downloaded ZIP archive contains intentionally malformed headers to evade security detection. Inside: Python 3.13.3, an extension directory with the malicious Edge add-on, and a native directory with the Python backdoor.

This social engineering approach mirrors the ClickFix technique used by KongTuke and other initial access brokers. The Teams platform provides credibility—employees expect IT support to contact them through corporate messaging tools.

Ransomware Connection

Zscaler attributes Edgecution to an initial access broker associated with Payouts King ransomware operations. The group specializes in establishing persistent access through seemingly legitimate tools, then selling that access to ransomware affiliates.

Browser-based persistence offers advantages over traditional malware. Defenders focus on process monitoring, file-based detection, and network indicators. A malicious extension communicating through legitimate browser APIs generates less suspicious telemetry.

The Invisible Browser Problem

Edgecution runs Edge in headless mode—completely invisible to the user. There's no browser window, no taskbar icon, nothing to indicate the browser is running at all. The Python backdoor handles all malicious functionality while the extension maintains command-and-control communication.

This technique isn't entirely new. We've covered malicious Chrome extensions before. But the combination of Native Messaging abuse, headless execution, and social engineering through corporate communication platforms represents a concerning evolution.

Recommended Mitigations

  1. Restrict external Teams communication - Limit or monitor messages from users outside your organization
  2. Audit browser extensions - Review installed extensions across the enterprise, flag unsigned or suspicious add-ons
  3. Monitor Native Messaging - Watch for unexpected native host registrations in the registry
  4. Block known malicious domains - Add Zscaler's published IOCs to perimeter controls
  5. User awareness training - Educate employees about IT support impersonation attacks
  6. Application whitelisting - Prevent execution of Python interpreters outside approved contexts

Why This Matters

The browser has become the primary work interface for most knowledge workers. Attackers recognize this and are investing in browser-based tradecraft that bypasses traditional endpoint security. Extension-based malware is harder to detect, harder to remove, and blends into legitimate browser activity.

Organizations should review their browser extension policies and consider enterprise browser management solutions that provide visibility into installed add-ons. For broader malware defense guidance, see our malware protection guide.

Frequently Asked Questions

How can I detect Edgecution? Look for unexpected Edge processes running in headless mode, Python interpreters executing from unusual locations, and native messaging host registrations you didn't configure. Zscaler's report includes specific file hashes and C2 indicators.
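Mitigation 3 above and this answer both come down to auditing native messaging host registrations. The following added Python example (not Zscaler's tooling and not part of the page) enumerates the registry keys Edge and Chrome consult for native hosts, loads each host's JSON manifest, and flags registrations that look unlike a vendor-shipped host: a script or interpreter as the host executable, a path under a user-writable directory, a manifest name that differs from its registry key, or an `allowed_origins` extension ID outside an enterprise allowlist. The registry paths are taken from the browsers' documentation; the heuristics, the sample manifests, and every name, path and extension ID in them are this example's own constructed placeholders, not Edgecution indicators.

```python
import json
import re
import sys
from pathlib import PureWindowsPath

# Registry roots Edge and Chrome consult for native hosts: each subkey is named after the
# host and its default value is the full path to the host's JSON manifest.
REGISTRY_ROOTS = [
    ("HKCU", r"Software\Microsoft\Edge\NativeMessagingHosts"),
    ("HKLM", r"Software\Microsoft\Edge\NativeMessagingHosts"),
    ("HKCU", r"Software\Google\Chrome\NativeMessagingHosts"),
    ("HKLM", r"Software\Google\Chrome\NativeMessagingHosts"),
]
# Interpreters and script types a vendor-shipped, compiled host would not normally use.
INTERPRETERS = {"python.exe", "pythonw.exe", "py.exe", "powershell.exe", "pwsh.exe",
                "cmd.exe", "wscript.exe", "cscript.exe", "autohotkey.exe"}
SCRIPT_SUFFIXES = {".bat", ".cmd", ".ps1", ".py", ".pyw", ".vbs", ".js", ".ahk"}
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\downloads\\", "\\desktop\\", "\\programdata\\")
ORIGIN_RE = re.compile(r"^chrome-extension://([a-p]{32})/$")


def audit_manifest(key_name, manifest_text, approved_extensions=frozenset()):
    """Findings for one host registration; an empty list means nothing looked odd.
    approved_extensions is the enterprise allowlist of extension IDs (empty = skip that check)."""
    if manifest_text is None:
        return ["manifest file referenced by the registry could not be read"]
    try:
        m = json.loads(manifest_text)
    except ValueError as exc:
        return [f"manifest is not valid JSON ({exc})"]
    findings = []
    if m.get("name") != key_name:
        findings.append(f"manifest name {m.get('name')!r} differs from registry key {key_name!r}")
    path = PureWindowsPath(str(m.get("path", "")))
    if path.name.lower() in INTERPRETERS or path.suffix.lower() in SCRIPT_SUFFIXES:
        findings.append(f"host is a script or interpreter, not a compiled binary: {path}")
    if any(marker in str(path).lower() for marker in USER_WRITABLE):
        findings.append(f"host lives in a user-writable location: {path}")
    origins = m.get("allowed_origins")
    if not isinstance(origins, list) or not origins:
        findings.append("allowed_origins missing or empty")
    for origin in (origins if isinstance(origins, list) else []):
        match = ORIGIN_RE.match(str(origin))
        if not match:
            findings.append(f"malformed allowed_origins entry: {origin!r}")
        elif approved_extensions and match.group(1) not in approved_extensions:
            findings.append(f"host is reachable by unapproved extension {match.group(1)}")
    return findings


# Constructed samples for offline use; names, paths and extension IDs are placeholders.
BENIGN_MANIFEST = json.dumps({
    "name": "com.example.vault", "type": "stdio",
    "path": r"C:\Program Files\ExampleVault\vault_host.exe",
    "allowed_origins": ["chrome-extension://abcdefghijklmnopabcdefghijklmnop/"]})
SUSPICIOUS_MANIFEST = json.dumps({
    "name": "com.example.agent", "type": "stdio",
    "path": r"C:\Users\alice\AppData\Local\EdgeAgent\native\host.bat",
    "allowed_origins": ["chrome-extension://ponmlkjihgfedcbaponmlkjihgfedcba/"]})
APPROVED = frozenset({"abcdefghijklmnopabcdefghijklmnop"})


def collect_windows_hosts():
    """Yield (location, key_name, manifest_text) from the live registry (Windows only)."""
    import winreg  # Windows-only module, imported lazily so the audit runs elsewhere too
    hives = {"HKCU": winreg.HKEY_CURRENT_USER, "HKLM": winreg.HKEY_LOCAL_MACHINE}
    for hive_name, subkey in REGISTRY_ROOTS:
        try:
            root = winreg.OpenKey(hives[hive_name], subkey)
        except OSError:
            continue  # root key absent: no hosts registered there
        with root:
            for index in range(winreg.QueryInfoKey(root)[0]):
                name = winreg.EnumKey(root, index)
                with winreg.OpenKey(root, name) as key:
                    manifest_path = winreg.QueryValueEx(key, "")[0]
                try:
                    with open(manifest_path, encoding="utf-8") as fh:
                        text = fh.read()
                except OSError:
                    text = None
                yield f"{hive_name}\\{subkey}", name, text


if __name__ == "__main__":
    if sys.platform == "win32":
        entries = collect_windows_hosts()
    else:  # off Windows, exercise the checks against the constructed samples
        entries = [("sample", "com.example.vault", BENIGN_MANIFEST),
                   ("sample", "com.example.agent", SUSPICIOUS_MANIFEST)]
    for location, key_name, manifest_text in entries:
        findings = audit_manifest(key_name, manifest_text, APPROVED)
        print(f"{location}\\{key_name}: {findings or 'no findings'}")
```

Run on a Windows endpoint, it prints one line per registered host; pair the allowlist with the extension IDs your enterprise browser policy actually permits, since a host that any extension may reach is the condition the Edgecution design relies on.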

Does this affect Chrome as well? The current variant targets Edge specifically, but the underlying technique—Native Messaging abuse—works identically in Chrome. Similar attacks against Chrome are likely either already deployed or in development.
