Malicious Edge Extension Uses Native Messaging for Malware

A malicious Microsoft Edge extension known as 'Edgecution' has proven to be a tool in a ransomware attack. This extension utilizes Edge's Native Messaging feature to spread malware and circumvent security mechanisms. The discovery of this threat raises new questions about the security of browser extensions. The malware disseminated by the Edgecution extension is a Python-based backdoor program, allowing attackers to gain access to infected systems and carry out further malicious activities.

The use of Python for backdoor development is noteworthy, as it is a widely used programming language in many areas of software development. The attackers exploit the Native Messaging feature to bypass the browser's sandbox environment. This feature allows extensions to communicate with native applications on the user's computer. Through this technique, the attackers can circumvent the browser's security measures and take control of the system. The security researchers who discovered this threat warn of the potential risks associated with installing unverified software add-ons.

Many users are unaware of the dangers posed by malicious extensions. The spread of such malware could lead to significant data loss and financial damage. Microsoft has already responded to the threat and is working on an update to close the security vulnerabilities exploited by the Edgecution extension. The company has emphasized that user security is a top priority and that they are continuously working to improve their products. The discovery of this malware has also drawn the attention of security authorities.

Experts recommend that users regularly review their browser extensions and only install those from trusted sources. The use of security software can also help detect and neutralize potential threats early. The vulnerability exploited by the Edgecution extension could also affect other browsers that implement similar features. This could lead to an increase in attacks across various platforms if security measures are not appropriately adjusted. Research into this threat is ongoing to gather further details about how the malware operates.

The exact number of affected users is currently unknown; however, it is estimated that several thousand systems worldwide are at risk. Security researchers are working to halt the spread of the malware and warn affected users. The situation is evolving, and further information is expected to be released in the coming weeks. Microsoft plans to roll out the update to all users by the end of July 2026.