EDGE EXTENSION WEAPONIZED TO DEPLOY RANSOMWARE

The extension abused Microsoft Edge's native messaging feature, which allows browser extensions to communicate with native applications on a system. By leveraging this functionality, attackers circumvented the browser sandbox—a security layer designed to isolate web content from the underlying operating system. Edgecution enabled deployment of a Python backdoor, granting attackers remote access and establishing a foothold for ransomware distribution. The attack chain illustrates a critical vulnerability in how browser extensions interact with system resources. Native messaging was designed for legitimate purposes, such as allowing extensions to communicate with locally installed software. However, its power makes it an attractive target for threat actors seeking to escape browser confinement. Microsoft Edge users are advised to review installed extensions and disable or remove suspicious ones. Organizations should implement policies restricting extension installation and monitor for unauthorized native messaging activity.