Researchers have identified Avalon, a modular malware framework featuring the CrownX ransomware. Avalon employs sophisticated phishing techniques and extensive evasion tactics to bypass security measures, posing significant threats to various organizations.
Cybersecurity researchers have disclosed a new modular malware framework named Avalon. The framework bundles credential harvesting, remote access, and a ransomware component that its operators label CrownX, and it leans on layered evasion to stay undetected once deployed.
Avalon is delivered through a multi-stage phishing chain that starts with a spoofed email linking to a password-protected archive hosted on Proton Drive. The archive wraps an ISO image that carries the malicious content; the password stops mail gateways from inspecting the archive, and the ISO adds a second container that attachment scanners often do not look inside, which lowers the chance of detection during initial delivery.
When the recipient opens a deceptive Windows shortcut (.lnk) inside the mounted image, it starts the sequence that ultimately deploys Avalon. The malware carries an embedded .NET assembly that tampers with Event Tracing for Windows (ETW) to reduce forensic visibility and uses several techniques to bypass a range of security products.
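The archive-to-ISO-to-shortcut delivery chain described above leaves a recognisable trace in endpoint telemetry: an ISO is mounted, and within moments explorer.exe launches something whose working directory or image sits on the newly assigned drive letter. The following Python is an added example written for this page, not code from the researchers, from Avalon, or from the outlets' reporting. It runs over constructed sample events in a simplified, assumed JSON-lines schema (the field names ts, type, path, drive, parent, image, cmdline and cwd are illustrative, not a specific product's), and the 15-minute correlation window is an assumed tuning value.

```python
"""Correlate an ISO mount with processes launched from the mounted drive.

Added example (editor's illustration, not Avalon code or the page's own).
The event schema below is an assumed, simplified JSON-lines format; real
telemetry (e.g. Sysmon process creation plus a disk-mount event source)
would need a field mapping onto it.
"""
import json
from datetime import datetime, timedelta

# Constructed sample events, not real Avalon telemetry. Times are ISO 8601.
SAMPLE_EVENTS = r"""
{"ts": "2024-05-01T09:00:00", "type": "iso_mount", "path": "C:\\Users\\alice\\Downloads\\Invoice_2024.iso", "drive": "E:"}
{"ts": "2024-05-01T09:00:12", "type": "process_create", "parent": "C:\\Windows\\explorer.exe", "image": "C:\\Windows\\System32\\cmd.exe", "cmdline": "cmd.exe /c start E:\\Invoice.lnk", "cwd": "E:\\"}
{"ts": "2024-05-01T09:00:13", "type": "process_create", "parent": "C:\\Windows\\System32\\cmd.exe", "image": "E:\\update\\svc.exe", "cmdline": "svc.exe", "cwd": "E:\\update\\"}
{"ts": "2024-05-01T09:30:00", "type": "process_create", "parent": "C:\\Windows\\explorer.exe", "image": "C:\\Program Files\\Mozilla Firefox\\firefox.exe", "cmdline": "firefox.exe", "cwd": "C:\\Users\\alice\\"}
{"ts": "2024-05-01T13:00:00", "type": "process_create", "parent": "C:\\Windows\\explorer.exe", "image": "C:\\Windows\\System32\\notepad.exe", "cmdline": "notepad.exe E:\\notes.txt", "cwd": "E:\\"}
"""

MOUNT_WINDOW_SECONDS = 900  # assumed tuning value: 15 minutes after the mount


def parse_events(text):
    """Parse JSON lines into dicts, skipping blank lines."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def _drive_of(path):
    """Return the upper-cased drive prefix ('E:') of a Windows path, else None."""
    return path[:2].upper() if len(path) >= 2 and path[1] == ":" else None


def find_iso_launch_chains(events, window_seconds=MOUNT_WINDOW_SECONDS):
    """Flag processes tied to a drive that was mounted from an ISO within the window.

    Two rules:
      exec_from_iso        - the process image itself lives on the mounted drive
                             (any parent), e.g. a payload shipped inside the ISO.
      shortcut_launch_iso  - explorer.exe spawned the process with its working
                             directory or command line on the mounted drive,
                             which is what a double-clicked .lnk looks like.
    Returns a list of finding dicts in event-time order.
    """
    window = timedelta(seconds=window_seconds)
    mounts = {}     # drive letter -> (mount time, ISO path)
    findings = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        ts = datetime.fromisoformat(ev["ts"])
        if ev["type"] == "iso_mount":
            mounts[ev["drive"].upper()] = (ts, ev["path"])
            continue
        if ev["type"] != "process_create":
            continue
        image_drive = _drive_of(ev["image"])
        cwd_drive = _drive_of(ev.get("cwd", ""))
        cmdline = ev.get("cmdline", "").upper()
        from_explorer = ev["parent"].lower().endswith("\\explorer.exe")
        for drive, (mount_ts, iso_path) in mounts.items():
            if not mount_ts <= ts <= mount_ts + window:
                continue    # mount too old, or the event predates it
            if image_drive == drive:
                rule = "exec_from_iso"
            elif from_explorer and (cwd_drive == drive or drive in cmdline):
                rule = "shortcut_launch_iso"
            else:
                continue
            findings.append({"rule": rule, "ts": ev["ts"], "image": ev["image"],
                             "drive": drive, "iso": iso_path})
    return findings


if __name__ == "__main__":
    for f in find_iso_launch_chains(parse_events(SAMPLE_EVENTS)):
        print(f"[{f['rule']}] {f['ts']} {f['image']} "
              f"(from {f['iso']} mounted as {f['drive']})")
```

On the constructed sample the script flags the cmd.exe launched by explorer.exe with its working directory on E: and the svc.exe that runs from the mounted image, while the later Firefox launch and the notepad.exe opened four hours after the mount fall outside the window and stay quiet. The window is the knob that trades missed late-stage execution for noise from legitimate ISO use, so tune it against your own mount telemetry.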
Avalon can extract sensitive data from popular browsers and from applications such as cryptocurrency wallets, Discord, and Windows Credential Manager. It connects to a remote server to exfiltrate what it collects, putting both user privacy and organizational credentials at risk.
Avalon complicates defense because its evasion is tailored to specific security tools rather than generic. The level of engineering behind it reflects a worrying trend in malware development and calls for heightened awareness and stronger security measures from organizations.
✨ This summary was generated by AI from the outlets' reporting listed below. It is not independently verified and may contain errors; check the original sources.