Covered by 1 source · 1 report · High impact

New Avalon Malware Framework Discovered with Ransomware Functionality

Aggregated by BrevFeed security · updated 1h ago

Researchers have identified Avalon, a modular malware framework featuring the CrownX ransomware. Avalon employs sophisticated phishing techniques and extensive evasion tactics to bypass security measures, posing significant threats to various organizations.

Key points

Discovery of Avalon Framework

Cybersecurity researchers revealed a new modular malware framework named Avalon. Notably, the framework combines credential harvesting, remote access, and ransomware execution in a single toolkit; the ransomware component is marked internally as CrownX. Bundling these capabilities into one modular framework changes how the malware can be deployed and executed, and it relies on sophisticated methods to evade detection.

Phishing Delivery Method

Avalon is delivered through a multi-stage phishing attack that begins with a spoofed email containing a link to a password-protected archive hosted on Proton Drive. The ISO image embedded in the archive conceals the malicious content, which reduces the likelihood that security systems detect it during the initial phase of the attack.

Execution Sequence and Evasion Tactics

Once the recipient opens a deceptive Windows Shortcut (LNK) inside the mounted image, it initiates a sequence that ultimately deploys Avalon. The malware uses an embedded .NET assembly that tampers with Windows Event Tracing (ETW) to reduce forensic visibility and applies multiple techniques to bypass a range of security software.

Capabilities and Threat to Users

The Avalon framework is capable of extracting sensitive information from popular browsers and applications like cryptocurrency wallets, Discord, and Windows Credential Manager. It connects to a remote server for data exfiltration, which poses serious risks to user privacy and organizational security.

Broader Implications for Cybersecurity

The emergence of Avalon complicates defense because it incorporates evasion strategies tailored to specific security tools. The sophistication of this malware reflects a worrying trend in malware development and calls for heightened awareness and stronger security measures from organizations.

This summary was generated by AI from the outlets' reporting listed below. It is not independently verified and may contain errors; check the original sources.

Primary sources

GitHub: PaloAltoNetworks/Unit42-timely-threat-intel
CVE-2025-3248 (CVSS 9.8, CRITICAL)
CVE-2026-55200 (CVSS 8.1, HIGH)
CVE-2026-46817 (CVSS 9.8, CRITICAL)
