Researchers uncovered Avalon, a modular malware framework spread through a multi-stage phishing chain that uses stealthy delivery and extensive defense evasion to gain access, steal data, and deploy ransomware. The report also describes JADEPUFFER, an agentic ransomware attack driven by an LLM, and an AI malware that uses a Telegram bot and public LLM API to convert plain-text instructions into shell commands. #Avalon #CrownX #JADEPUFFER #Langflow #Telegram #Groq
Keypoints
- Avalon is a newly discovered modular malware framework delivered through a multi-stage phishing chain.
- The attack uses an ISO image, a shortcut file, and MSBuild to launch the payload and evade detection.
- Avalon can steal credentials, browser data, wallet data, and other sensitive system information.
- The framework supports lateral movement, recovery disruption, anti-forensic cleanup, and ransomware deployment through CrownX.
- Researchers also reported AI-driven threats, including JADEPUFFER and a Telegram-based malware that uses an LLM to generate commands.
Read More: https://thehackernews.com/2026/07/new-avalon-malware-framework-packs.html