An initial access broker linked to Payouts King ransomware is deploying Edgecution, a sophisticated malware utilizing a malicious Microsoft Edge browser extension. The attack begins through social engineering via Microsoft Teams, impersonating IT staff and directing victims to fake Microsoft websites offering supposed Outlook updates. Edgecution comprises two components: a browser extension that communicates with command-and-control servers via websockets, and a Python-based backdoor. The extension abuses Chrome native messaging protocol to escape browser sandbox restrictions, enabling direct host access. This allows attackers to manipulate the filesystem, launch processes, and execute arbitrary code. The malware operates in a headless browser, remaining invisible to users. Deployment methods include AutoHotKey scripts, Windows batch scripts, and PowerShell scripts. The Python backdoor supports various commands including system information collection, filesystem access, and arbitrary code execution.