ShellCodeX Intelligence Brief
HIGH Cybersecurity

Edgecution Edge extension uses Native Messaging to drop a backdoor

Source headline: Malicious Edge extension abuses Native Messaging as bridge to malware

Threat level High
Signal strength 75/100
Source confidence 1 source
Published 14 hours ago

Intelligence Summary

A malicious Microsoft Edge extension called Edgecution has been linked to a ransomware operation. The extension gets around the browser sandbox by abusing Native Messaging, the browser channel through which an extension exchanges messages with a native application registered on the host, to reach malware components. Victims are believed to receive a Python-based backdoor once this escape path is triggered. The backdoor enables persistent access and supports follow-on ransomware activity. Users should avoid untrusted Edge extensions and review installed add-ons and browser messaging settings.

Recommended Action

Review affected assets, schedule urgent remediation, and monitor related indicators.
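
One way to carry out the review of browser messaging settings, as an added example that is not from the original reporting: the script below audits the JSON manifest of each registered native messaging host and flags hosts that are scripts, that sit in user-writable directories, or that accept calls from extensions outside an approved list. The approved-ID list, the Windows path heuristics and both sample manifests are assumptions constructed for illustration.

```python
import json
from pathlib import PureWindowsPath

# Assumption: IDs of extensions your organisation has approved (constructed).
APPROVED_IDS = {"a" * 32}
SCRIPT_SUFFIXES = {".py", ".pyw", ".bat", ".cmd", ".ps1", ".vbs", ".js"}
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\downloads\\", "\\users\\public\\")

def audit_manifest(text):
    """Return review findings for one native messaging host manifest."""
    try:
        manifest = json.loads(text)
    except json.JSONDecodeError as exc:
        return [f"unparseable manifest: {exc.msg}"]
    if not isinstance(manifest, dict):
        return ["manifest is not a JSON object"]
    findings = []
    path = str(manifest.get("path") or "")
    if not path:
        findings.append("manifest names no host executable")
    if PureWindowsPath(path).suffix.lower() in SCRIPT_SUFFIXES:
        findings.append(f"host is a script or script launcher: {path}")
    if any(marker in path.lower() for marker in USER_WRITABLE):
        findings.append(f"host sits in a user-writable directory: {path}")
    origins = manifest.get("allowed_origins")
    for origin in origins if isinstance(origins, list) else []:
        ext_id = str(origin).removeprefix("chrome-extension://").rstrip("/")
        if ext_id not in APPROVED_IDS:
            findings.append(f"unapproved extension may call this host: {ext_id}")
    return findings

# Constructed sample manifests (not taken from the reported campaign).
SAMPLES = {
    "approved": json.dumps({
        "name": "com.example.approved_host", "type": "stdio",
        "path": r"C:\Program Files\Example\host.exe",
        "allowed_origins": ["chrome-extension://" + "a" * 32 + "/"]}),
    "suspect": json.dumps({
        "name": "com.example.updater", "type": "stdio",
        "path": r"C:\Users\alice\AppData\Local\updater\host.bat",
        "allowed_origins": ["chrome-extension://" + "b" * 32 + "/"]}),
}

if __name__ == "__main__":
    for label, text in SAMPLES.items():
        print(label, audit_manifest(text) or "no findings")
```

Feed it the manifest text for every host registered for Edge on the endpoint; a finding is a prompt for manual review, not proof of compromise.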

Topics

#backdoor #ransomware #malicious-extension #microsoft-edge #native-messaging #python
Original reporting: BleepingComputer, "Malicious Edge extension abuses Native Messaging as bridge to malware"