Zscaler ThreatLabz documents a campaign where the Edgecution extension abuses Chrome's Native Messaging API to escape the browser sandbox and deploy a Python backdoor with user-level privileges. Attributed to an initial access broker linked to the Payouts King ransomware operation, the attack chains legitimate features — no zero-days — starting with IT impersonation via Microsoft Teams.

June 23, 2026 — Zscaler ThreatLabz researchers have documented a malware campaign that turns Microsoft Edge into a bridge to the operating system: the malicious Edgecution extension abuses the Chrome Native Messaging protocol to bypass the browser sandbox and install a Python backdoor with user privileges. The attack, attributed to an initial access broker linked to the Payouts King ransomware operation, exploits no zero-day vulnerabilities but instead recombines legitimate functionality into a compromise chain that traditional defenses struggle to intercept.

The case is significant because it flips the perimeter security paradigm: the browser, traditionally viewed as an isolated container, becomes the vehicle for host-level access itself. And it does so using an official, documented API that developers use daily to let extensions talk to desktop applications.

Key Takeaways
  • Edgecution is a Microsoft Edge extension that abuses the Native Messaging protocol to escape the browser sandbox and communicate with a Python backdoor installed at the host system level.
  • Infection begins with social engineering via Microsoft Teams: actors impersonating IT staff direct victims to a fake "Outlook Updates Management Console" portal with three deployment options.
  • The extension runs in headless mode with parameters --headless=new --no-first-run --disable-sync, staying invisible to the user while maintaining a C2 connection over WebSocket servers hosted on AWS CloudFront subdomains.
  • A registry key AppKey in HKCU\SOFTWARE\Microsoft\Edge serves as an anti-analysis mechanism: without it, the Python backdoor fails to decrypt its strings correctly.

How the Attack Chain Works: From Teams to Persistence

Entry occurs through a Microsoft Teams message in which the actor impersonates the target organization's IT staff. The victim is pushed to visit a site named "Outlook Updates Management Console," designed to mimic a legitimate administration interface. According to the source, the portal presents three buttons offering three deployment vectors: an AutoHotKey script, a Windows batch script, or a PowerShell script.

The downloaded ZIP file carries a notable evasion detail: its header is malformed, with the PK magic bytes removed. According to Zscaler, this is likely meant to evade network signatures that scan traffic for executable archives. Inside, the package contains the embeddable Python 3.13.3 distribution, an extension directory, and a native directory.

Once executed, the setup script creates the structure needed for the malware to function. The extension masquerades as "Edge Monitoring Agent" and loads in a headless Edge instance — invisible to the user — with parameters that disable sync and first-run. The extension then establishes communication via Native Messaging with the Python component, which receives commands from the C2 server and can execute shell operations, access the filesystem, and gather system information.

Native Messaging: A Legitimate API Turned Tunnel

The Chrome Native Messaging protocol is a standard Chromium API — therefore implemented in Edge as well — that allows browser extensions to exchange messages with native applications installed on the operating system. The mechanism requires a JSON manifest that registers the native application, and operates through stdin/stdout with length-prefixed messages.

Edgecution exploits exactly this channel. The extension, technically confined to the browser sandbox, uses the authorized API to relay privileged commands from the C2 server to the Python backdoor. According to Zscaler, "the browser extension uses this authorized bridge to relay privileged commands from the command-and-control server directly to the second component: the Python-based backdoor." The result is a sandbox bypass that requires no vulnerability exploit, privilege escalation, or memory corruption techniques.
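As an added example (not code from Zscaler's report or from the malware), this is the host-side framing the Native Messaging paragraph above describes: each message is UTF-8 JSON prefixed by a 4-byte native-endian length, exchanged over the host's stdin and stdout. A defensively written host rejects truncated or oversized frames; the 1 MB bound is Chromium's documented limit for messages sent from a host to an extension.

```python
"""Chromium Native Messaging framing: 4-byte native-endian length + UTF-8 JSON."""
import io
import json
import struct

# Chromium rejects host->extension messages larger than 1 MB; a host that
# enforces the same bound never allocates on a bogus length field.
MAX_MESSAGE = 1024 * 1024


def encode_message(obj) -> bytes:
    """Frame one message the way a host writes it to stdout."""
    payload = json.dumps(obj, separators=(",", ":")).encode("utf-8")
    if len(payload) > MAX_MESSAGE:
        raise ValueError("message exceeds the Native Messaging size limit")
    return struct.pack("=I", len(payload)) + payload


def read_message(stream):
    """Read one frame from a binary stream (stdin for a real host).

    Returns None on a clean EOF; raises on a truncated or oversized frame
    instead of silently accepting a partial message."""
    header = stream.read(4)
    if not header:
        return None
    if len(header) < 4:
        raise EOFError("truncated length prefix")
    (length,) = struct.unpack("=I", header)
    if length > MAX_MESSAGE:
        raise ValueError(f"declared length {length} exceeds limit")
    body = stream.read(length)
    if len(body) != length:
        raise EOFError("truncated message body")
    return json.loads(body.decode("utf-8"))


def decode_stream(data: bytes) -> list:
    """Parse every frame in a captured byte stream, in order."""
    buf = io.BytesIO(data)
    messages = []
    while (msg := read_message(buf)) is not None:
        messages.append(msg)
    return messages
```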

The extension maintains a regular heartbeat: a ping/pong at roughly 20-second intervals to the C2 servers. All servers observed by ThreatLabz use subdomains of cloudfront.net hosted on Amazon Web Services, with WebSocket communication. Documented domains include d3nh8sl98s2554.cloudfront[.]net, d2g6dl71gua1qa.cloudfront[.]net, and d1jp293q9tvi92.cloudfront[.]net.

Anti-Analysis Protection and Attribution to Payouts King IAB

A distinctive element of the malware is the Python backdoor's string decryption mechanism. During installation, scripts create a value named AppKey in the Windows registry under HKCU\SOFTWARE\Microsoft\Edge, containing a hexadecimal string. This key is required to decrypt the backdoor's strings: without it, the Python code fails to execute correctly, rendering static analysis ineffective on sandboxed systems that do not replicate the full infection process.

"These buttons offer the threat actor three different options (via an AutoHotKey script, Windows batch script, and PowerShell script) to deploy the Edgecution malware"
— Zscaler ThreatLabz, via BleepingComputer

Zscaler ThreatLabz attributes the campaign to an initial access broker (an actor specializing in initial compromise who sells that access to ransomware groups) connected to the Payouts King operation. The dossier does not specify whether the same group also carries out the ransomware deployment phase or limits its role to initial access. At this time, no infrastructure overlaps directly link the IAB to the Payouts King group beyond the affiliation the researchers indicate.

Why Traditional Defenses Miss the Flow

The core problem with Edgecution is that all traffic appears legitimate. Native Messaging is an official API, the Python backdoor is a standard interpreter, the C2 connection runs over HTTPS/WebSocket to AWS CloudFront infrastructure — indistinguishable from millions of legitimate services. An EDR monitoring only suspicious processes or anomalous connections detects nothing: Edge itself is the process, and the backdoor operates as a regularly registered native application.

Headless mode adds another layer of concealment: the user sees no windows, notices no installed extensions, gets no visual feedback of the compromise. The browser many enterprises consider a secure perimeter becomes, in this configuration, the vehicle for persistence and command.

The dossier does not document specific EDR evasion tests in real environments, nor does it establish whether the observed evasion techniques have been validated against commercial products or represent only theoretical analysis.

Immediate Actions

  • Audit enterprise browser extensions: verify all installed extensions are approved and deployed via centralized management policies, not left to user discretion.
  • Monitor Native Messaging registrations: identify JSON manifests registering native applications associated with extensions, with particular attention to those in HKCU that fall outside standard corporate policies.
  • Inspect WebSocket connections from browser processes: a headless Edge maintaining persistent connections to unrequested CloudFront endpoints is indicative of compromise.
  • Refresh social engineering training: IT impersonation via Teams is the first link in the chain; user awareness remains the most effective control on this vector.
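To act on the second bullet, an added audit script (not from Zscaler or the article): it lists the per-user NativeMessagingHosts registrations that Edge and Chrome honour under HKCU and checks each manifest against an allowlist. The registry key names follow the Chromium and Edge developer documentation; the approved extension origin and the trusted directories are placeholders to replace with your own.

```python
"""Audit per-user Native Messaging hosts (added example; allowlists are placeholders)."""
import json
import sys

# HKCU registration keys are writable without elevation, the article's concern.
HKCU_HOST_KEYS = [
    r"Software\Microsoft\Edge\NativeMessagingHosts",
    r"Software\Google\Chrome\NativeMessagingHosts",
]
# Assumed allowlists: approved extension origins and trusted host directories.
APPROVED_ORIGINS = {"chrome-extension://EXAMPLE_APPROVED_EXTENSION_ID/"}
TRUSTED_DIRS = (r"c:\program files", r"c:\program files (x86)")
SCRIPT_EXTS = (".bat", ".cmd", ".ps1", ".py", ".ahk")


def audit_manifest(manifest_text: str) -> list:
    """Findings for one host manifest (empty list = nothing odd)."""
    m = json.loads(manifest_text)
    path = m.get("path", "").lower()
    findings = []
    if not path.startswith(TRUSTED_DIRS):
        findings.append(f"host binary outside trusted directories: {path}")
    if path.endswith(SCRIPT_EXTS):
        findings.append(f"host launched through a script wrapper: {path}")
    unapproved = set(m.get("allowed_origins", [])) - APPROVED_ORIGINS
    if unapproved:
        findings.append(f"unapproved extension origins: {sorted(unapproved)}")
    return findings


def registered_manifests() -> list:
    """(host name, manifest path) pairs from HKCU; empty off Windows."""
    if sys.platform != "win32":
        return []
    import winreg
    found = []
    for key_path in HKCU_HOST_KEYS:
        try:
            with winreg.OpenKey(winreg.HKEY_CURRENT_USER, key_path) as key:
                for i in range(winreg.QueryInfoKey(key)[0]):
                    name = winreg.EnumKey(key, i)
                    found.append((name, winreg.QueryValue(key, name)))
        except OSError:
            continue  # key absent: no per-user hosts for that browser
    return found
```

Feed each manifest path returned by registered_manifests() through audit_manifest(); any finding is a registration to review against the approval process.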

The Lesson: When the Perimeter Is Inside the Browser

Edgecution is not a case of technological failure but of security boundary redefinition. The modern browser is a complete operating system: sandbox, extensions, native APIs, persistence. Ransomware actors understand this and are shifting focus from vulnerability exploits to composition of legitimate features. Edge's sandbox was not breached: it was simply bypassed by a bridge built specifically to be crossed.

For enterprises, the practical consequence is that perimeter monitoring must extend inside the browser, not stop at its edge. And that APIs considered secure by design — like Native Messaging — require governance as rigorous as any other cross-process communication channel.

FAQ

Does Edgecution require administrator privileges?

No. The malware operates with standard user privileges, exploiting the fact that Native Messaging host registration and registry keys under HKCU are writable without elevation.

Can other Chromium-based browsers be vulnerable to the same scheme?

The Native Messaging mechanism is common to all Chromium browsers, but the dossier describes Edgecution as specifically designed for Microsoft Edge. The source does not document variants for Chrome, Brave, or others.

Is there a specific detection signature?

According to the dossier, documented indicators of compromise include the three CloudFront C2 domains, the AppKey registry key, and the Edge headless launch parameters. However, no complete list of hashes or verified YARA rules emerges from the primary sources.

Sources

  1. bleepingcomputer.com
  2. securityboulevard.com
  3. cyberpress.org
  4. nvd.nist.gov
  5. cybersecuritynews.com