Edgecution: Malicious Edge Extension Opens the Door to Host Compromise

The Edgecution attack chain begins with a convincing social engineering campaign conducted through Microsoft Teams, where threat actors pose as internal IT personnel and claim that a critical spam filter update must be installed. Victims are then redirected to a fake Microsoft-branded portal, presented as an "Outlook Updates Management Console," which offers multiple installation methods, including an obfuscated AutoHotKey script, a clipboard-delivered batch file, and a PowerShell-based installer.

Once executed, the deployment scripts establish a staging environment within %LOCALAPPDATA%\Microsoft\Edge\User Data\test1. At this stage, the malformed archive is repaired and unpacked, revealing an embedded Python 3.13.3 runtime along with supporting extension and native components. The installer creates a Chrome native messaging manifest and a launcher script named native_host.bat, while storing a campaign-specific hexadecimal key in HKCU\SOFTWARE\Microsoft\Edge as AppKey. This key is required to decrypt strings embedded within the Python backdoor, significantly complicating independent analysis and reverse engineering efforts.

To maintain persistence, the Edgecution malware creates a scheduled task that launches Microsoft Edge in headless mode using a dedicated user data directory and silently loads the malicious extension without displaying a visible browser window. Disguised as an "Edge Monitoring Agent" within the browser's extension manager, the extension establishes secure WebSocket (WSS) communications with attacker-controlled CloudFront domains. It continuously exchanges heartbeat signals, subscription requests, and operational commands, allowing the threat actor to maintain a reliable foothold while blending malicious traffic with legitimate cloud services.

Whenever actions exceed the browser's native permissions, the extension leverages chrome.runtime.sendNativeMessage to communicate with the Python backdoor. The native host executes attacker instructions encapsulated in JSON messages containing command identifiers, parameters, and request tokens. This mechanism enables a broad range of capabilities, including system reconnaissance, shell and PowerShell execution, arbitrary file creation, process enumeration, and even the execution of attacker-supplied Python code. To reduce its forensic footprint, the Python process terminates immediately after responding to each request, minimizing its time in memory.

Although no explicit lateral movement techniques have been publicly documented, the extensive privileges granted by the Edgecution backdoor provide the level of host control commonly associated with initial access brokers preparing environments for ransomware deployment. Its exclusive use of AWS CloudFront infrastructure further obscures malicious activity by blending command-and-control traffic with legitimate CDN communications. Additionally, the malware removes the original configuration file after storing the C2 address in local browser storage, leaving fewer artifacts behind while retaining flexible mechanisms for data collection and exfiltration through file access, command execution, and JSON-based WSS responses.