CrownX Ransomware Unleashed: New Avalon Malware Framework

Security researchers have uncovered a modular malware framework known as Avalon, delivered through a multi-stage phishing chain built to slip past conventional email and endpoint controls. The framework bundles credential theft, lateral movement, remote access, recovery disruption, and ransomware deployment into a single toolkit. Its ransomware component is referred to internally as CrownX.

The attack begins with a phishing email posing as a legal document, which directs the recipient to a password-protected archive hosted on Proton Drive. Inside the archive is an ISO image; because the payload is nested in an encrypted archive and then in a disk image, email-layer scanners have little to inspect. When the recipient mounts the image and opens a Windows Shortcut (.lnk) dressed up as a document, the shortcut kicks off a series of stages that ends with Avalon being deployed.
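The shortcut stage described above is the point where a defender can still triage the lure before anything executes. The following is an added example, not code from the original article or from any analysis of Avalon: a small Python triage script that walks a directory (for instance a mounted ISO), flags document-themed double-extension shortcuts such as `Notice.pdf.lnk`, and parses the Shell Link (.lnk) binary format far enough to recover the target path and command-line arguments so they can be checked for LOLBin and PowerShell patterns. The suspicious-token list and the `build_lnk` helper that fabricates a sample shortcut for testing are assumptions of this example and are not derived from the incident.

```python
"""Triage Windows shortcut (.lnk) lures dropped via ISO images.

Added example for illustration, not the article's or Avalon's own code.
Parses the MS-SHLLINK layout: 76-byte ShellLinkHeader, optional
LinkTargetIDList, optional LinkInfo, then the StringData fields in order.
"""
import os
import struct

LNK_HEADER_SIZE = 0x4C
LNK_CLSID = bytes.fromhex("0114020000000000C000000000000046")

# LinkFlags bits (MS-SHLLINK 2.1.1)
HAS_ID_LIST, HAS_LINK_INFO, HAS_NAME, HAS_RELPATH = 0x01, 0x02, 0x04, 0x08
HAS_WORKDIR, HAS_ARGS, HAS_ICON, IS_UNICODE = 0x10, 0x20, 0x40, 0x80

# Assumed lists for this example: document extensions abused as lures,
# and tokens that commonly appear in shortcut-launched droppers.
DOC_EXTS = (".pdf", ".doc", ".docx", ".xls", ".xlsx", ".txt", ".rtf")
SUSPICIOUS_TOKENS = ("powershell", "cmd.exe", "mshta", "wscript", "cscript",
                     "rundll32", "regsvr32", "certutil", "bitsadmin",
                     "-enc", "-w hidden", "iex", "downloadstring")


def parse_lnk(data: bytes) -> dict:
    """Return the StringData fields (name, relative_path, working_dir,
    arguments, icon_location) present in a Shell Link blob."""
    if (len(data) < LNK_HEADER_SIZE
            or struct.unpack_from("<I", data, 0)[0] != LNK_HEADER_SIZE
            or data[4:20] != LNK_CLSID):
        raise ValueError("not a Shell Link file")
    flags = struct.unpack_from("<I", data, 20)[0]
    pos = LNK_HEADER_SIZE
    if flags & HAS_ID_LIST:          # IDListSize (2 bytes) + IDList
        pos += 2 + struct.unpack_from("<H", data, pos)[0]
    if flags & HAS_LINK_INFO:        # LinkInfoSize counts itself
        pos += struct.unpack_from("<I", data, pos)[0]
    unicode = bool(flags & IS_UNICODE)
    fields = {}
    for flag, name in ((HAS_NAME, "name"), (HAS_RELPATH, "relative_path"),
                       (HAS_WORKDIR, "working_dir"), (HAS_ARGS, "arguments"),
                       (HAS_ICON, "icon_location")):
        if flags & flag:
            count = struct.unpack_from("<H", data, pos)[0]  # CountCharacters
            pos += 2
            nbytes = count * 2 if unicode else count
            raw = data[pos:pos + nbytes]
            pos += nbytes
            fields[name] = raw.decode("utf-16-le" if unicode else "cp1252",
                                      errors="replace")
    return fields


def is_document_lure(filename: str) -> bool:
    """True for 'Something.pdf.lnk'-style double-extension shortcuts."""
    low = filename.lower()
    return low.endswith(".lnk") and low[:-4].endswith(DOC_EXTS)


def triage(filename: str, data: bytes):
    """Return (parsed fields, list of findings) for one shortcut."""
    findings = []
    if is_document_lure(filename):
        findings.append("document-themed shortcut (double extension)")
    info = parse_lnk(data)
    cmdline = " ".join(filter(None, (info.get("relative_path", ""),
                                     info.get("arguments", "")))).lower()
    for tok in SUSPICIOUS_TOKENS:
        if tok in cmdline:
            findings.append(f"suspicious token in command line: {tok!r}")
    return info, findings


def scan_directory(root: str):
    """Triage every .lnk under root, e.g. a mounted ISO; returns hits."""
    hits = []
    for dirpath, _, names in os.walk(root):
        for name in names:
            if name.lower().endswith(".lnk"):
                path = os.path.join(dirpath, name)
                with open(path, "rb") as fh:
                    info, findings = triage(name, fh.read())
                if findings:
                    hits.append((path, info, findings))
    return hits


def build_lnk(relative_path: str, arguments: str) -> bytes:
    """Construct a minimal Unicode .lnk for testing (sample data, not a
    real lure): header + RELATIVE_PATH + COMMAND_LINE_ARGUMENTS."""
    flags = HAS_RELPATH | HAS_ARGS | IS_UNICODE
    header = struct.pack("<I16sIIQQQIIIHHII", LNK_HEADER_SIZE, LNK_CLSID,
                         flags, 0, 0, 0, 0, 0, 0,
                         7,      # ShowCommand = SW_SHOWMINNOACTIVE, typical of lures
                         0, 0, 0, 0)

    def string_data(s: str) -> bytes:
        return struct.pack("<H", len(s)) + s.encode("utf-16-le")

    return header + string_data(relative_path) + string_data(arguments)


if __name__ == "__main__":
    # Constructed sample: a shortcut named like a PDF that launches PowerShell.
    sample = build_lnk(r"..\..\..\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
                       '-w hidden -nop -c "iex (Get-Content .\\stage.txt -Raw)"')
    for line in triage("Legal_Notice.pdf.lnk", sample)[1]:
        print(line)
```

Run `scan_directory("E:\\")` (or the mount point of the ISO on a Linux analysis box) to list shortcuts whose target or arguments contain the watched tokens; the parser deliberately stops at StringData and does not follow LinkInfo or ExtraData, which is enough to surface the launched command without executing anything.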

Avalon carries a defense-evasion layer built to avoid detection by, and disable tooling from, a range of security vendors. The framework steals credentials, browser data, cryptocurrency wallet information, and other sensitive data. It can also encrypt files, disrupt system recovery, and delete traces of its activity to hinder incident response.

Notably, Avalon shows signs of AI-assisted development, suggesting that actors with limited technical expertise can now assemble capable malware with help from AI coding tools. That lowers the barrier to entry for malware development and puts tooling of this sophistication within reach of less experienced operators.

In a separate incident, Sysdig reported the first publicly documented agentic ransomware attack driven by a large language model. The threat actor behind the operation, tracked as JADEPUFFER, used LLM-automated steps to run a destructive database extortion playbook against a victim's production database server.


Researchers have also identified AI-enabled malware that uses a Telegram bot and a public LLM API to run what they describe as "codeless" attacks: the operator sends natural-language instructions, an LLM translation layer turns them into shell commands, and the implant executes them. The operator never needs to write the commands themselves, which again lowers the skill required to act on a compromised host.

These developments highlight an evolving threat landscape in which AI-assisted malware and multi-stage delivery chains are becoming more common. Organizations should stay vigilant and keep their defenses current to protect against these threats.

