🟠 High  |  Source: The Hacker News


A newly discovered malware framework called Avalon bundles ransomware, credential theft, lateral movement, and remote access capabilities into a single modular toolkit, delivered via a multi-stage phishing campaign designed to evade conventional security tools. The integrated CrownX ransomware component adds data encryption and recovery disruption to an already broad set of capabilities. Because the framework is modular, threat actors can tailor each intrusion to the target environment, which puts enterprise and cloud workloads alike at risk.

Security Architect’s Take: Because initial access comes through a multi-stage phishing campaign, prioritise reviewing your email security gateway and phishing simulation coverage. For cloud workloads, enforce least-privilege IAM policies and immutable backup configurations so that a stolen credential cannot both spread laterally and destroy recovery options. Enable lateral movement detection through cloud-native tools such as GuardDuty, Defender for Cloud, or Security Command Center, and validate that snapshot and backup recovery paths cannot be deleted or disabled by compromised identities.
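One way to perform that last validation offline, as an added example that is not code from the article or from any cloud provider: the script below evaluates IAM policy documents for actions that delete recovery points or weaken backup immutability and reports which principals can reach them. The action list is an illustrative subset (an assumption, not a complete inventory), the sample policies are constructed, and the evaluator ignores NotAction, Resource scoping and Condition keys, so it over-approximates what a policy permits rather than under-reporting.

```python
"""Offline check for IAM policies that could disable backup recovery.

Added illustrative example; the action list is an assumed subset and the
policies below are constructed, not taken from any real account.
"""
import fnmatch

# Assumption: illustrative subset of AWS actions that delete recovery points
# or remove the immutability protecting them. Extend for your own estate.
BACKUP_DISABLING_ACTIONS = (
    "backup:DeleteBackupVault",
    "backup:DeleteBackupVaultLockConfiguration",
    "backup:DeleteRecoveryPoint",
    "ec2:DeleteSnapshot",
    "rds:DeleteDBSnapshot",
    "s3:DeleteObjectVersion",
    "s3:PutBucketVersioning",
)


def _as_list(value):
    """IAM allows a string or a list in Action/Statement; normalise to list."""
    return value if isinstance(value, list) else [value]


def _matches(pattern, action):
    """IAM action matching is case-insensitive and supports '*' wildcards."""
    return fnmatch.fnmatchcase(action.lower(), pattern.lower())


def risky_actions(policy_doc):
    """Return backup-disabling actions the policy Allows without an explicit Deny.

    Mirrors the IAM evaluation rule that an explicit Deny always wins.
    Simplification: NotAction, Resource and Condition are ignored, so the
    result is a superset of what the policy really grants.
    """
    allowed, denied = set(), set()
    for stmt in _as_list(policy_doc.get("Statement", [])):
        bucket = allowed if stmt.get("Effect") == "Allow" else denied
        for pattern in _as_list(stmt.get("Action", [])):
            bucket.update(a for a in BACKUP_DISABLING_ACTIONS if _matches(pattern, a))
    return sorted(allowed - denied)


def exposed_principals(policies_by_principal):
    """Map each principal to the backup-disabling actions it can reach."""
    findings = {}
    for name, policy in policies_by_principal.items():
        risky = risky_actions(policy)
        if risky:
            findings[name] = risky
    return findings


# Constructed sample: a workload role with broad service wildcards (weak)...
WEAK_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": ["backup:*", "ec2:*"], "Resource": "*"},
    ],
}

# ...and the same grants with an explicit Deny on recovery-destroying actions,
# the shape you would push as an SCP or permissions boundary (hardened).
HARDENED_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": ["backup:*", "ec2:*"], "Resource": "*"},
        {"Effect": "Deny", "Action": list(BACKUP_DISABLING_ACTIONS), "Resource": "*"},
    ],
}

SAMPLE_PRINCIPALS = {
    "app-runtime-role": WEAK_POLICY,
    "app-runtime-role-hardened": HARDENED_POLICY,
    "read-only-auditor": {"Version": "2012-10-17",
                          "Statement": [{"Effect": "Allow", "Action": "backup:Describe*",
                                         "Resource": "*"}]},
}

if __name__ == "__main__":
    for principal, actions in exposed_principals(SAMPLE_PRINCIPALS).items():
        print(f"{principal}: can disable recovery via {', '.join(actions)}")
```

Run it against policy documents pulled from your own account (for example the output of `aws iam get-role-policy` or `get-policy-version`); any principal that appears in the findings is one a phished credential could use to remove recovery points before ransomware runs.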

Original advisory: New Avalon Malware Framework Packs CrownX Ransomware Capabilities