Zscaler
Payouts King Ransomware Uses Edgecution Malware via Malicious Edge Extension
An initial access broker linked to the Payouts King ransomware has deployed a new malware family known as Edgecution. The attack uses a malicious Microsoft Edge browser extension that abuses the Chromium native messaging API, which Edge shares with Chrome: an extension whose ID appears in a registered native messaging host's manifest can launch that local program and exchange messages with it over the program's stdin and stdout, giving the extension a path to code running outside the browser sandbox. The attack begins with social engineering, typically impersonating IT staff over Microsoft Teams, and directs victims to a fake Microsoft website where they are prompted to download scripts that install Edgecution. Once installed, the malware lets the attackers manipulate the local filesystem and execute arbitrary code on the compromised system. The campaign marks a notable shift in ransomware delivery methods and is a serious risk for organizations that run Microsoft Edge. Because native messaging hosts must be registered with the browser (under the browser's NativeMessagingHosts registry key on Windows, or in a per-user manifest directory on Linux and macOS), those registrations, together with the list of installed extensions, are where defenders should hunt for this technique; users should also be briefed on IT-impersonation lures delivered over Teams.
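The native messaging registrations described above are the most tangible artifact this technique leaves on an endpoint. The following script is an added example, written for this page rather than taken from Zscaler's report or from the Edgecution malware itself: it parses native messaging host manifests and flags the traits a dropped host tends to have (a path under a user-writable directory, a script instead of a compiled binary, an extension ID that is not on the organization's approved list). The trusted install roots, the user-writable markers, the approved extension set and the two sample manifests are assumptions constructed for the example; the registry keys and per-user directories it enumerates are the documented locations for Chrome and Edge.

```python
"""Hunt for suspicious Chromium native messaging host registrations (example code).

Native messaging (Chrome, and Chromium-based Edge) lets an extension launch a local
program, the "native host", and exchange JSON messages with it over that program's
stdin/stdout. The host is registered through a small JSON manifest: `path` names the
executable and `allowed_origins` lists the extension IDs allowed to launch it.
"""
import json
import os
import re
import sys

# Install roots a legitimately deployed host normally lives under
# (assumption: tune to the fleet's software-deployment conventions).
TRUSTED_PATH_PREFIXES = ("c:/program files/", "c:/program files (x86)/",
                         "/usr/lib/", "/usr/local/lib/", "/opt/")
# User-writable locations where a host dropped by a download lure tends to land (assumption).
USER_WRITABLE_MARKERS = ("/appdata/", "/temp/", "/tmp/", "/downloads/", "/public/")
# Script launchers that should not be native hosts on a managed fleet.
SCRIPT_EXTENSIONS = (".bat", ".cmd", ".ps1", ".vbs", ".js", ".py", ".sh")
# Chromium extension IDs are 32 characters drawn from the letters a-p.
ORIGIN_RE = re.compile(r"^chrome-extension://([a-p]{32})/$")


def _norm(path):
    """Lower-case and forward-slash a path so one set of checks serves Windows and POSIX."""
    return path.replace("\\", "/").lower()


def parse_manifest(text):
    """Parse a host manifest; raise ValueError if a required field is missing or unexpected."""
    manifest = json.loads(text)
    for key in ("name", "path", "type", "allowed_origins"):
        if key not in manifest:
            raise ValueError(f"manifest missing required field {key!r}")
    if manifest["type"] != "stdio":
        raise ValueError(f"unexpected type {manifest['type']!r}; the protocol only defines 'stdio'")
    return manifest


def audit_manifest(text, approved_extension_ids):
    """Return (severity, reason) findings for one manifest; an empty list means nothing suspicious."""
    manifest = parse_manifest(text)
    findings = []
    path = _norm(manifest["path"])

    if not (path.startswith("/") or re.match(r"^[a-z]:/", path)):
        findings.append(("medium", f"relative host path {manifest['path']!r}; resolve it against the manifest directory"))
    elif not path.startswith(TRUSTED_PATH_PREFIXES):
        severity = "high" if any(m in path for m in USER_WRITABLE_MARKERS) else "medium"
        findings.append((severity, f"host binary outside trusted install roots: {manifest['path']}"))
    if path.endswith(SCRIPT_EXTENSIONS):
        findings.append(("high", f"host is a script, not a compiled binary: {manifest['path']}"))

    if not manifest["allowed_origins"]:
        findings.append(("low", "allowed_origins is empty; no extension can reach this host"))
    for origin in manifest["allowed_origins"]:
        match = ORIGIN_RE.match(origin)
        if not match:
            findings.append(("medium", f"malformed allowed_origins entry {origin!r}"))
        elif match.group(1) not in approved_extension_ids:
            findings.append(("high", f"unapproved extension {match.group(1)} may launch host {manifest['name']!r}"))
    return findings


def find_manifest_paths():
    """Yield (browser, manifest path) for host registrations on this machine."""
    if sys.platform == "win32":
        import winreg  # Windows only; each subkey's default value is the manifest path
        keys = (("chrome", r"SOFTWARE\Google\Chrome\NativeMessagingHosts"),
                ("edge", r"SOFTWARE\Microsoft\Edge\NativeMessagingHosts"))
        for browser, subkey in keys:
            for hive in (winreg.HKEY_CURRENT_USER, winreg.HKEY_LOCAL_MACHINE):
                try:
                    with winreg.OpenKey(hive, subkey) as root:
                        for i in range(winreg.QueryInfoKey(root)[0]):
                            with winreg.OpenKey(root, winreg.EnumKey(root, i)) as host_key:
                                yield browser, winreg.QueryValue(host_key, None)
                except OSError:
                    continue
    else:
        # Per-user directories on Linux; macOS keeps them under ~/Library/Application Support (not covered).
        for browser, vendor_dir in (("chrome", "google-chrome"), ("edge", "microsoft-edge")):
            directory = os.path.expanduser(f"~/.config/{vendor_dir}/NativeMessagingHosts")
            if os.path.isdir(directory):
                for name in os.listdir(directory):
                    if name.endswith(".json"):
                        yield browser, os.path.join(directory, name)


# Constructed sample manifests (not artifacts from the campaign): one shaped like a
# vendor-installed host, one shaped like a host dropped into a user profile by a lure.
APPROVED_EXTENSIONS = {"abcdefghijklmnop" * 2}
BENIGN_MANIFEST = json.dumps({
    "name": "com.example.vendor_host", "type": "stdio",
    "path": r"C:\Program Files\ExampleVendor\native_host.exe",
    "allowed_origins": ["chrome-extension://" + "abcdefghijklmnop" * 2 + "/"]})
SUSPICIOUS_MANIFEST = json.dumps({
    "name": "com.update.helper", "type": "stdio",
    "path": r"C:\Users\victim\AppData\Local\Temp\update.bat",
    "allowed_origins": ["chrome-extension://" + "p" * 32 + "/"]})

if __name__ == "__main__":
    for label, text in (("benign", BENIGN_MANIFEST), ("suspicious", SUSPICIOUS_MANIFEST)):
        print(label, audit_manifest(text, APPROVED_EXTENSIONS) or "no findings")
    for browser, manifest_path in find_manifest_paths():
        with open(manifest_path, encoding="utf-8") as fh:
            print(browser, manifest_path, audit_manifest(fh.read(), APPROVED_EXTENSIONS) or "no findings")
```

Run as-is, the script audits the two constructed manifests and then every registration it can find on the local machine. On a fleet the same checks fit naturally into an EDR live-response job or a scheduled collection; the approved-extension set should come from the browser's enterprise extension allowlist so that any host reachable by an unlisted extension is surfaced.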
Key Points:
• Edgecution uses a malicious Microsoft Edge extension and the Chromium native messaging API to reach the host system outside the browser sandbox.
• Attackers rely on social engineering, impersonating IT staff over Microsoft Teams, to deceive victims into downloading and running the installer scripts.
• The campaign demonstrates a novel ransomware delivery path, increasing risk for organizations that use Microsoft Edge.