
Edgecution malicious Microsoft Edge extension backdoor activity

Malware Activity
Happening score (H score): 23
1 unique source, 1 article

Summary


The Edgecution malware is extending a Microsoft Edge browser foothold into host-level compromise by abusing Chrome Native Messaging and launching a Python-based backdoor. The activity matters because it turns a browser extension into a bridge for shell, PowerShell, and arbitrary Python execution on infected systems. The delivery chain uses fake Microsoft Teams IT-support lures and update-themed pages to push malicious scripts and ZIP payloads. The operation is tied to ransomware-related access tooling and is designed to increase persistence and control on compromised Windows hosts.

Related Happenings

GPU cryptomining malware using ScreenConnect and SEO poisoning

Malware Activity
H score 16 · First: 28.05.2026 00:31 · Last: 28.05.2026 00:31 · Sources: 1

About this happening: A **cryptojacking malware operation** is spreading through **SEO-poisoned download pages** and, in some cases, **AI chatbot recommendations**, putting **high-performance Windows s...

PureLogs infostealer purchase-order phishing delivery chain

Malware Activity
H score 21 · First: 27.05.2026 11:00 · Last: 27.05.2026 11:00 · Sources: 1

About this happening: The **PureLogs** infostealer is being delivered through **purchase-order-themed phishing emails**, creating a **Windows** infection chain that steals **browser credentials**, **Di...

SHub Reaper macOS infostealer variant

Malware Activity
H score 23 · First: 19.05.2026 00:42 · Last: 19.05.2026 00:42 · Sources: 1

About this happening: The **SHub Reaper** macOS infostealer now uses **AppleScript** and a fake **Apple security update** lure to infect Macs, raising the risk of credential theft and remote access. It...

TCLBANKER banking trojan activity targeting 59 financial platforms

Malware Activity
H score 20 · First: 08.05.2026 21:12 · Last: 08.05.2026 21:12 · Sources: 1

About this happening: **TCLBANKER** is a newly documented **Brazilian banking trojan** that can hit **59 banking, fintech, and cryptocurrency platforms**, increasing the risk of credential theft and re...

Snow malware suite deployment by UNC6692

Malware Activity
H score 29 · First: 25.04.2026 18:07 · Last: 25.04.2026 18:07 · Sources: 1

About this happening: UNC6692 has deployed the **Snow** malware suite through **social engineering**, creating a stealthy path to **credential theft** and **domain compromise**. The operation uses **em...

Timeline

  1. 24.06.2026 23:58 · 2 articles

    Edgecution escapes the Microsoft Edge sandbox and launches a Python backdoor

    Initial Disclosure

    Zscaler identifies Edgecution, a malicious Microsoft Edge extension linked to an initial access broker tied to Payouts Kings, as a browser-to-host malware chain that starts with Microsoft Teams IT-support lures and fake Microsoft update pages and ends with Chrome Native Messaging launching a Python-based backdoor on compromised Windows hosts.
