惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

博客园_首页
T
Threat Research - Cisco Blogs
GbyAI
GbyAI
Y
Y Combinator Blog
美团技术团队
Cyber Security Advisories - MS-ISAC
Cyber Security Advisories - MS-ISAC
博客园 - 【当耐特】
S
SegmentFault 最新的问题
IT之家
IT之家
Recent Announcements
Recent Announcements
钛媒体:引领未来商业与生活新知
钛媒体:引领未来商业与生活新知
阮一峰的网络日志
阮一峰的网络日志
T
The Blog of Author Tim Ferriss
Martin Fowler
Martin Fowler
Microsoft Azure Blog
Microsoft Azure Blog
V
Visual Studio Blog
freeCodeCamp Programming Tutorials: Python, JavaScript, Git & More
U
Unit 42
WordPress大学
WordPress大学
博客园 - Franky
L
LangChain Blog
人人都是产品经理
人人都是产品经理
小众软件
小众软件
博客园 - 叶小钗
罗磊的独立博客
酷 壳 – CoolShell
酷 壳 – CoolShell
大猫的无限游戏
大猫的无限游戏
云风的 BLOG
云风的 BLOG
Vercel News
Vercel News
雷峰网
雷峰网
腾讯CDC
Google DeepMind News
Google DeepMind News
博客园 - 三生石上(FineUI控件)
CTFtime.org: upcoming CTF events
CTFtime.org: upcoming CTF events
Help Net Security
Help Net Security
C
Check Point Blog
Hacker News - Newest:
Hacker News - Newest: "LLM"
N
News and Events Feed by Topic
V2EX - 技术
V2EX - 技术
Application and Cybersecurity Blog
Application and Cybersecurity Blog
Schneier on Security
Schneier on Security
博客园 - 聂微东
A
Arctic Wolf
H
Heimdal Security Blog
K
KPMG report finds enterprise disconnect between AI and its ROI | CIO
Recent Commits to openclaw:main
Recent Commits to openclaw:main
T
The Exploit Database - CXSecurity.com
C
Cyber Attacks, Cyber Crime and Cyber Security
让小产品的独立变现更简单 - ezindie.com
让小产品的独立变现更简单 - ezindie.com
Google DeepMind News
Google DeepMind News

Security Research | Blog

ClaudeFix: Shared Claude Chats Meet ClickFix | Zscaler Why Do F1 Teams Need Cybersecurity, and What Is AI’s Role? Indirect Prompt Injection Targets AI Agents | ThreatLabz Splunk Enterprise RCE (CVE-2026-20253) | ThreatLabz SmartApeSG Supply Chain Attack Targets Okendo | ThreatLabz AI Generated ClickFix Attack Delivers SmartRAT | ThreatLabz What the ThreatLabz 2026 Phishing and Initial Access Report Means for the Public Sector | Zscaler Shai-Hulud: Miasma, Hades, & AI Scanner Evasion | ThreatLabz Zscaler ThreatLabz 2026 Phishing and Initial Access Report Technical Analysis of MLTBackdoor | ThreatLabz When the Scanner Starts Thinking: Learnings from Mythos & GPT 5.5 Cyber in Security Testing | Zscaler OpenClaw Skill Distributes Remcos & GhostLoader | ThreatLabz Tropic Trooper: AdaptixC2 + Custom Beacon | ThreatLabz Do not delete blog (testing) | Zscaler Payouts King Takes Aim at the Ransomware Throne | ThreatLabz The Alibaba Incident and Why Zero Trust Matters More Than Ever In-Memory Loader Drops ScreenConnect | ThreatLabz Supply Chain Attacks Surge in March 2026 | ThreatLabz Claude Code Leak: Critical AI Security Threat 2026 Latest Xloader Obfuscation Code & C2 Protocol | ThreatLabz CVE-2026-20131: Analysis of FMC RCE | ThreatLabz Technical Analysis of SnappyClient | ThreatLabz China-nexus Group Targets Arabian Gulf Region | ThreatLabz Middle East Conflict Fuels Cyber Attacks | ThreatLabz Dust Specter APT Targets Gov’t Officials in Iraq | ThreatLabz APT37 Adds New Tools For Air-Gapped Networks | ThreatLabz GuLoader Malware Obfuscation Techniques Analyzed GuLoader Obfuscation Analysis | ThreatLabz Technical Analysis of Marco Stealer | ThreatLabz Latest Public Sector AI Adoption Trends: What Government, Healthcare, and Education Security Teams Need to Know | Zscaler Operation Neusploit: APT28 Uses CVE-2026-21509 | ThreatLabz 7 Predictions for 2026 | Zscaler SHEETCREEP, FIREPOWER, and MAILCREEP Analysis | ThreatLabz AI is Now Default Enterprise Accelerator: Takeaways from ThreatLabz 2026 AI Security Report | Zscaler GOGITTER, GITSHELLPAD, and GOSHELL Analysis | ThreatLabz Malicious NPM Packages Deliver NodeCordRAT | ThreatLabz What’s Powering Enterprise AI in 2025: ThreatLabz Report Sneak Peek | Zscaler BlindEagle Deploys Caminho and DCRAT | ThreatLabz Technical Analysis of the BlackForce Phishing Kit | ThreatLabz React2Shell RCE Vulnerability (CVE-2025-55182) | ThreatLabz Shai-Hulud V2 Poses Risk to NPM Supply Chain | ThreatLabz Technical Analysis of Matanbuchus 3.0 | ThreatLabz In-Depth Analysis: Water Gamayun APT Multi-Stage Attack Uncovered CVE-2025-50165: Windows Graphics Component Flaw | ThreatLabz Mobile, IoT, and OT Risks Converge in the Public Sector | Zscaler Industry Attacks Surge, Mobile Malware Spreads: The ThreatLabz 2025 Mobile, IoT & OT Report | Zscaler Zscaler Discovers Vulnerability in Keras Models Allowing Arbitrary File Access and SSRF (CVE-2025-12058) | Zscaler F5 Security Incident Advisory | Zscaler Under the Radar: How Non-Web Protocols Are Redefining the Attack Surface | Zscaler SEO Poisoning Targets Ivanti VPN: Credential Theft Alert Cisco Firewall and VPN Zero Day Attacks | ThreatLabz COLDRIVER Adds BAITSWITCH and SIMPLEFIX | ThreatLabz YiBackdoor: Linked to IcedID and Latrodectus | ThreatLabz Technical Analysis of Zloader Updates | ThreatLabz Mitigating Risks from the Shai-Hulud NPM Worm | ThreatLabz Malicious PyPI Packages Deliver SilentSync RAT | ThreatLabz Technical Analysis of SmokeLoader Version 2025 | ThreatLabz Technical Analysis of kkRAT | ThreatLabz APT37: Rust Backdoor & Python Loader | ThreatLabz Anatsa’s Latest Updates | ThreatLabz Termncolor and Colorinal Explained | ThreatLabz GenAI Used to Impersonate Brazil’s Govt Websites | ThreatLabz Tracking Updates to Raspberry Robin | ThreatLabz Ransomware Surges, Extortion Escalates: ThreatLabz 2025 Ransomware Report | Zscaler China-nexus APT Targets the Tibetan Community | ThreatLabz CVE-2025-53770 | ThreatLabz Black Hat SEO Poisoning Search Engine Results For AI | ThreatLabz
Edgecution: Malicious Edge Extension Backdoor | ThreatLabz
ThreatLabz · 2026-06-23 · via Security Research | Blog

Technical Analysis

There are two key components of the Edgecution attack: a Microsoft Edge browser extension and a Python script. The latter serves as a bridge between traditional browser sandboxes that are designed to limit access to the local system. However, Chrome-based browsers support native messaging to enable third-party applications to perform activities outside of the sandbox and access the filesystem and operating system. In this section, we discuss how this attack deploys the malicious Microsoft Edge browser extension as well as how each component works. 

Initial access & malware deployment

These attacks typically start via social engineering through Microsoft Teams messages that impersonate a company’s IT staff. The unsuspecting victim is informed they they need a spam filter update and shown a fake Microsoft website as shown below: 

Fake Microsoft website disguised as an “Outlook Updates Management Console”.

Figure 1:  Fake Microsoft website disguised as an “Outlook Updates Management Console”.

These buttons shown above perform the following actions:

Button Name

Description

Updates Pack 5029 Download

Downloads an obfuscated AutoHotKey script that can be used to set up and deploy the Edgecution malware.

Updates Pack 5029-2 Download

Downloads a legitimate AutoHotKey executable. Required to execute the AutoHotKey script above.

Updates Pack 5028f Download

Downloads an encrypted ZIP file (with the PK magic bytes removed). This is likely designed to evade network signatures.

Outlook Version Verification

Copies a Windows batch script to the clipboard that is used to set up and deploy the Edgecution malware.

OS Version Verification

Copies a PowerShell script to the clipboard that is used to set up and deploy the Edgecution malware.

Updates Registration

Displays a form that requests the victim’s Microsoft365 / Outlook password.

Table 1: Fake Microsoft Outlook Updates website used to deploy Edgecution.

Note that these buttons offer the threat actor three different options (via an AutoHotKey script, Windows batch script, and PowerShell script) to deploy the Edgecution malware.

When the AutoHotKey script or clipboard content is executed, the commands will configure the environment, fix the encrypted ZIP file headers, extract relevant files, and create a scheduled task that executes Microsoft Edge.

The commands will create a directory for the malicious browser extension under: %LOCALAPPDATA%\Microsoft\Edge\User Data\test1

The encrypted ZIP archive (disguised as a fake patch) contains an embedded Python version 3.13.3 distribution and two directories named extension and native. As these directory names suggest, the extension directory contains a web browser extension and the native directory contains a single obfuscated Python script. Interestingly, the set up scripts set a value named AppKey in the Windows registry under HKCU\SOFTWARE\Microsoft\Edge with a hex string that is used to decrypt the strings in the Python backdoor. This not only obfuscates the Python backdoor’s strings, but also prevents it from running properly without the correct key.

In order for the browser extension to launch the Python backdoor, the set up scripts create a batch script named native_host.bat in the script’s native directory that is invoked by the web browser extension. This batch script launches the backdoor with Python’s -u flag, which ensures that standard output and standard error are unbuffered. In addition, the set up scripts create a Chrome native messaging manifest file with content similar to the following:

{
	"name": "com.[rand_chars].api",
	"description": "Edge Monitoring Agent Native Host",
	"path": "%APPDATA%\\Microsoft\\Edge\\User Data\\test1\\native\\native_host.bat",
	"type": "stdio",
	"allowed_origins":  [
  		"chrome-extension://[extension_id]/"
	]
}

This allows the browser extension to invoke the native application and communicate over standard input and output. The set up scripts also create a file with hardcoded random characters (that changes per campaign) in the native directory that stores the location of the C2 server.

Finally, the set up scripts schedule a task to launch Microsoft Edge with the parameters: --user-data-dir="%LOCALAPPDATA%\Microsoft\Edge\User Data\Recovery" --load-extension="%EXTENSION_DIR%" --no-first-run --disable-sync --headless=new

This will cause Microsoft Edge to load the extension in a hidden browser window without any user prompts or warnings.

Edgecution browser extension

The Edgecution browser extension disguises itself as an Edge Monitoring Agent as shown in the figure below:

Edgecution browser extension disguised as an Edge Monitoring Agent.

Figure 2: Edgecution browser extension disguised as an Edge Monitoring Agent.

Note that this extension will not be visible to a user when they open their web browser normally because it is not installed and the Edgection runs in a headless browser.

The Edgecution browser extension communicates with the C2 server over websockets. All of the C2 servers observed by ThreatLabz have leveraged subdomains of cloudfront.net and hosted on Amazon Web Services (AWS).

The Edgecution browser extension supports a variety of message types and commands. Some of the commands require permissions that are not allowed by normal extensions. In order to circumvent this restriction, the Edgecution browser extension uses the Chrome native messaging protocol to invoke a Python backdoor that can directly access the victim’s filesystem, execute arbitrary commands, create processes, etc. The bridge between the extension and native Python backdoor is established using chrome.runtime.sendNativeMessage to the name of the specified API endpoint (e.g., com.[rand_chars].api).

The list of message types supported by the Edgecution browser extension’s C2 protocol are the following:

Message Type

Direction

Description

1

Extension → C2

Hello message. First message sent when communication is initiated.

2

C2 → Extension

Store VAPID public key for push subscription service.

3

Extension → C2

Ping message. Heartbeat every 20 seconds.

4

C2 → Extension

Pong message. Heartbeat reply.

10

C2 → Extension

Command message.

11

Extension → C2

Command result.

20

Extension → C2

Event that informs when a keyword is hit during browsing.

30

Extension → C2

Push subscription. The browser registers with its

vendor push service and returns the subscription.

Table 2: Edgecution browser extension C2 message types.

Message type 10 is primarily responsible for the malicious activity. There are two types of Edgecution commands:

  • Keyword / tab monitoring in the web browser
  • Privileged commands: require permissions outside of the browser sandbox, which are passed on to the Python backdoor.

The Edgecution command ID mappings are shown in the table below:

Extension Command ID

Python Command ID

Command Handler

Description

100

N/A

Browser Extension

Add URL keywords.

101

N/A

Browser Extension

Remove URL keywords.

102

N/A

Browser Extension

Stats about keywords matches.

103

N/A

Browser Extension

Reports the number of open tabs.

104

N/A

Browser Extension

Reports the browser’s active tab URL and title.

105

N/A

Browser Extension

Not used.

106

1

Python Backdoor

Collect and send system information.

107

3

Python Backdoor

Shell execute.

108

4

Python Backdoor

Write data to a specific filename / path.

109

5

Python Backdoor

Run Python code.

110

6

Python Backdoor

Retrieve a list of running processes.

111

7

Python Backdoor

Execute PowerShell commands / code.

112

N/A

Python Backdoor

Set a new C2 URL in the browser’s local storage.

Table 3: Mapping between the Edgecution browser extension and Python backdoor command IDs.

Note that the keyword monitoring functionality is likely a decoy, because the Edgecution browser extension is running in headless mode. Therefore, user activity in the browser will not be monitored.

Edgecution Python-based backdoor

The Edgecution Python backdoor also supports four additional commands as shown below:

Command ID

Extension Command ID

Description

2

Unused

Ping command (replies with a pong message).

8

Invoked by the browser extension on successful C2 connection

Update C2 server URL. The browser extension stores the C2 address in local storage via chrome.storage.local.serverUrl.

9

Invoked by the browser extension on successful C2 connection

Deletes the C2 URL configuration file after the C2 has been saved in the browser’s local storage.

10

Unused

Write debug information to a log file (extension.log).

Table 4: Additional commands supported by the Edgecution Python backdoor.

Note that command ID 2 and 10 are not currently used. The command IDs 8 and 9 are invoked from the browser extension after successful communication with the Edgecution C2 has been established. These commands clean up the configuration file used to store the C2 server URL, which is stored in the browser’s local storage.

The Edgecution Python backdoor reads from standard input. The first four bytes of each message is the length of the message, followed by the message content in JSON format. Each C2 message passed to the Python backdoor contains the JSON keys commandargs, and request_id. After processing a command, the Python backdoor will send a JSON response back containing the JSON keys statusresult, and the corresponding request_id

Note that Edgecution spawns a new Python process each time the C2 provides a supported command, and exits once the response is sent back.