Malicious Edge Extension Bypasses Sandbox to Install Backdoor

Quick answer

Threat actors have developed the malicious 'Edgecution' extension for Microsoft Edge, leveraging Native Messaging to bypass browser sandboxing and deploy a Python-based backdoor in ransomware campaigns.

Cybersecurity experts have identified a new threat involving a malicious extension for Microsoft Edge. Dubbed 'Edgecution,' the extension was used in ransomware attacks to bypass the browser's built-in sandboxing.

Threat actors are exploiting the Native Messaging mechanism, which allows extensions to interact with external applications. In this case, the functionality is abused to install a Python-based backdoor, enabling attackers to bypass protections and gain access to the victim's system.

Experts warn that such attacks demonstrate the increasing sophistication of cybercriminals, who leverage legitimate software features to compromise devices. Users are advised to exercise caution when installing extensions and regularly update their security tools.
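
A defensive check for the Native Messaging abuse described above, added here as an example (it is not code from the original report or from BleepingComputer): it triages a Native Messaging host manifest using its standard "path" and "allowed_origins" fields. The function name audit_manifest, the heuristics and both sample manifests are assumptions constructed for illustration, not published Edgecution indicators.

```python
import json
from pathlib import PureWindowsPath

# Heuristics are assumptions of this example, not published Edgecution indicators.
SCRIPT_HOSTS = {"python.exe", "pythonw.exe", "py.exe", "powershell.exe",
                "pwsh.exe", "cmd.exe", "wscript.exe", "cscript.exe", "mshta.exe"}
SCRIPT_EXTS = {".py", ".pyw", ".bat", ".cmd", ".ps1", ".vbs", ".js"}
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\downloads\\", "\\users\\public\\")
ORIGIN_PREFIX = "chrome-extension://"

def audit_manifest(manifest_text, allowlisted_ids=frozenset()):
    """Return findings for one Native Messaging host manifest (JSON text).

    On Windows, Edge locates these manifests through registry keys under
    Software\\Microsoft\\Edge\\NativeMessagingHosts; collect them first.
    """
    try:
        manifest = json.loads(manifest_text)
    except json.JSONDecodeError:
        return ["manifest is not valid JSON"]
    if not isinstance(manifest, dict):
        return ["manifest is not a JSON object"]
    findings = []
    path = str(manifest.get("path", "")).replace("/", "\\")
    target = PureWindowsPath(path)
    if target.name.lower() in SCRIPT_HOSTS:
        findings.append(f"host is a script interpreter: {target.name}")
    if target.suffix.lower() in SCRIPT_EXTS:
        findings.append(f"host is a script file: {target.name}")
    if any(marker in path.lower() for marker in USER_WRITABLE):
        findings.append(f"host lives in a user-writable location: {path}")
    origins = manifest.get("allowed_origins", [])
    for origin in origins if isinstance(origins, list) else []:
        ext_id = str(origin).removeprefix(ORIGIN_PREFIX).rstrip("/")
        if ext_id not in allowlisted_ids:
            findings.append(f"extension not on allowlist: {ext_id}")
    return findings

# Constructed sample manifests (not taken from any real incident).
KNOWN_ID = "abcdefghijklmnopabcdefghijklmnop"
BENIGN = json.dumps({"name": "com.example.pm", "type": "stdio",
                     "path": r"C:\Program Files\ExamplePM\host.exe",
                     "allowed_origins": [ORIGIN_PREFIX + KNOWN_ID + "/"]})
SUSPICIOUS = json.dumps({"name": "com.example.updater", "type": "stdio",
                         "path": r"C:\Users\alice\AppData\Local\Temp\host.bat",
                         "allowed_origins": [ORIGIN_PREFIX + "ponmlkjihgfedcbaponmlkjihgfedcba/"]})
if __name__ == "__main__":
    for label, text in (("benign", BENIGN), ("suspicious", SUSPICIOUS)):
        print(label, audit_manifest(text, allowlisted_ids={KNOWN_ID}))
```

A finding is a prompt for review, not a verdict: legitimate hosts are sometimes scripts or installed per user, so compare results against the extensions the organisation has actually approved.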

Common questions

What is the 'Edgecution' extension?
A malicious Microsoft Edge extension used by cybercriminals to bypass browser protections and install a Python-based backdoor.

How does the 'Edgecution' attack work?
The extension exploits Native Messaging to escape the browser sandbox and deploy malware on the target system.

What are the potential consequences of such an attack?
The attack allows threat actors to gain control over infected systems, enabling data theft, ransomware deployment, or other malicious activities.

Why trust this

Prepared by the V-Help editorial team from the primary source with a published date.

Published by: V-Help.ru news desk

Source: BleepingComputer