EDGECUTION malware is a malicious Microsoft Edge extension functioning as a backdoor, linked to the Initial Access Broker associated with Payouts King ransomware. It targets enterprise Windows users via social engineering tactics in Microsoft Teams, using a fake update prompt. The malware is delivered through a deceptive page offering multiple download methods, including scripts for executing the malware sans direct user interaction.
This malware exploits browser vulnerabilities to bypass security protocols, allowing unauthorized access to system data. Key defensive measures include skepticism towards unsolicited IT updates, monitoring browser extensions, and employee training on recognizing fake prompts.