"The attack began with a spoofed legal document email directing recipients to a password protected archive on Proton Drive," Blackpoint Cyber researchers Nevan Beal and Sam Decker said.
Avalon framework and CrownX ransomware
Security researchers have documented a previously unreported modular malware framework codenamed Avalon that culminates in a ransomware component internally named CrownX. According to Blackpoint Cyber, Avalon is a multi-capability platform that combines credential collection, lateral movement, remote access, recovery disruption, and ransomware execution into a single, reusable framework.
Phishing chain and initial access via ISO and MSBuild
Blackpoint Cyber traces Avalon deployments to a staged phishing chain. Recipients receive a spoofed legal-document email that points them to a password-protected archive hosted on Proton Drive. The malicious content is placed inside an ISO image rather than attached directly to the message, a tactic the researchers say reduces detection at the email layer.
If a recipient opens the mounted image and double-clicks a document-themed Windows shortcut (.lnk) named "Secure Document CA-283505.pdf.lnk," the shortcut starts a staged sequence. Its command launches MSBuild against a project file stored on the ISO image; that project loads an embedded .NET assembly which tampers with Event Tracing for Windows (ETW) and then downloads the next-stage payload over HTTPS, which in turn launches Avalon.
Defense evasion, telemetry reduction, and signs of AI-assisted assembly
Avalon includes an extensive defense-evasion subsystem designed to reduce telemetry, bypass user-mode monitoring, and adjust execution based on the host’s defensive controls. Blackpoint Cyber lists targeted methods to conceal execution from security tools associated with Microsoft Defender, SentinelOne, CrowdStrike, Sophos, Elastic Endpoint, FortiEDR, ESET, McAfee, and Bitdefender.
"These capabilities give the framework a multitude of ways to reduce telemetry, bypass user mode monitoring, and adjust its execution depending on the defensive controls present on the host," the researchers said. The framework also interferes with ETW to reduce forensic visibility.
Blackpoint Cyber additionally reports that Avalon's components show signs of artificial intelligence-assisted development. The company said the framework had "assembled multiple components with scant regard for sophisticated tradecraft or operational security," arguing that AI can lower the barrier to entry and make certain capabilities available to actors with less technical expertise.
Operational effects: data theft, lateral movement, and destructive actions
Before CrownX displays a ransom note, Avalon performs broad data collection, command-and-control (C2) communication, and persistence and movement preparations. Blackpoint Cyber lists the framework’s capabilities as including:
- Harvesting credentials, cookies, history, and bookmarks from Chromium-based browsers and Mozilla Firefox;
- Gathering data from cryptocurrency wallet apps (MetaMask, Phantom, Coinbase Wallet, Exodus, Electrum, Atomic Wallet, Ledger Live, and Bitcoin Core) and from Discord, Slack, Teams, OpenVPN, WireGuard, and Windows Credential Manager;
- Collecting SSH known hosts, saved RDP connections, Wi‑Fi profiles, and Group Policy Preferences cpassword artifacts;
- Exfiltrating data to a remote server at "helloxcherry[.]com" and polling that server for tasking commands;
- Reconnaissance and prioritization of systems that could expand the compromise;
- Encrypting files tied to business operations, software development, engineering, data storage, and virtual infrastructure using the Windows Cryptography API, and delivering a ransom note with payment instructions and deadline timers that indicate when the demand escalates;
- Inhibiting recovery by terminating the Volume Shadow Copy Service and deleting shadow copies;
- Running an anti-forensic cleanup subsystem to remove artifacts and complicate incident response;
- Direct interaction with disk structures—likely to damage partition information, boot records, or other critical drive areas—effectively rendering systems unusable.
"CrownX represented the final extortion stage, but the damage extended well beyond the encryption itself," Blackpoint Cyber said. By the time the ransom note appeared, the framework had already harvested credentials, established C2 communications, prepared multiple lateral-movement paths, and weakened local recovery options.
How technologists, affected enterprises, and end users should respond
Technologists and security teams will need to account for multi-stage delivery mechanisms that embed malicious content inside disk images and use MSBuild and .NET stages that interfere with ETW and other telemetry sources. Detection should key on the signals the chain leaves in process and network telemetry: MSBuild launched from a user shell or shortcut rather than from a build tool, a project file loaded from a freshly mounted image, and msbuild.exe making outbound HTTPS connections. Because the .NET stage tampers with ETW before the next stage runs, sensors that depend solely on ETW providers on the affected host should not be the only source of that evidence.
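The detection logic below is an added example, not Blackpoint Cyber's code, and it covers both the delivery chain described under the phishing section (ISO mount, shortcut, MSBuild, HTTPS download) and the recovery-inhibition step (VSS termination and shadow copy deletion). The telemetry lines are constructed for this example in a simplified Sysmon-like key=value layout; the field names, the "ImageMount" pseudo-event, the drive letter, the project file name "sd.proj" and the parent "payload.exe" are all assumptions, not artifacts from the report. Only the C2 domain "helloxcherry.com" comes from the page.

```python
"""Correlate process, mount and network events to flag the Avalon-style
ISO -> LNK -> MSBuild -> HTTPS chain and shadow copy deletion.

Added example; the event format and names below are this example's
assumptions, not a vendor schema or the report's own data.
"""
import re
from typing import Dict, List, Tuple

# Constructed sample telemetry (not real captures). Paths with spaces are quoted.
SAMPLE_EVENTS = [
    # 0: the user mounts the ISO from the phishing lure (pseudo-event, assumed)
    'EventID=ImageMount Image=C:\\Windows\\explorer.exe ImagePath="C:\\Users\\a\\Downloads\\Secure Document.iso" DriveLetter=E:',
    # 1: the document-themed shortcut on the image spawns cmd.exe, which starts MSBuild
    'EventID=1 Image=C:\\Windows\\System32\\cmd.exe ParentImage=C:\\Windows\\explorer.exe CommandLine="cmd.exe /c C:\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\MSBuild.exe E:\\sd.proj"',
    # 2: MSBuild runs the project straight off the mounted drive
    'EventID=1 Image=C:\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\MSBuild.exe ParentImage=C:\\Windows\\System32\\cmd.exe CommandLine="MSBuild.exe E:\\sd.proj"',
    # 3: the .NET stage inside MSBuild fetches the next stage over HTTPS
    'EventID=3 Image=C:\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\MSBuild.exe DestinationHostname=helloxcherry.com DestinationPort=443',
    # 4: a benign developer build that must not alert
    'EventID=1 Image="C:\\Program Files\\dotnet\\MSBuild\\MSBuild.exe" ParentImage="C:\\Program Files\\Microsoft Visual Studio\\2022\\Community\\Common7\\IDE\\devenv.exe" CommandLine="MSBuild.exe C:\\src\\app\\app.csproj"',
    # 5 and 6: recovery inhibition (parent name is a placeholder)
    'EventID=1 Image=C:\\Windows\\System32\\vssadmin.exe ParentImage=C:\\Users\\a\\AppData\\Local\\Temp\\payload.exe CommandLine="vssadmin.exe delete shadows /all /quiet"',
    'EventID=1 Image=C:\\Windows\\System32\\net.exe ParentImage=C:\\Users\\a\\AppData\\Local\\Temp\\payload.exe CommandLine="net stop vss /y"',
]

# Parents from which MSBuild is expected on a developer workstation (assumed allowlist).
BUILD_PARENTS = {"devenv.exe", "dotnet.exe", "msbuild.exe", "vstest.console.exe"}
# Command lines that delete shadow copies or stop the VSS service.
SHADOW_DELETE = [
    re.compile(r"vssadmin(\.exe)?\s+delete\s+shadows", re.I),
    re.compile(r"wmic(\.exe)?\s+shadowcopy\s+delete", re.I),
    re.compile(r"win32_shadowcopy", re.I),
    re.compile(r"\b(net|sc)(\.exe)?\s+stop\s+vss\b", re.I),
]
KNOWN_C2 = {"helloxcherry.com"}  # indicator named in the report

_KV = re.compile(r'(\w+)=("([^"]*)"|(\S+))')
_DRIVE = re.compile(r"\b([A-Z]:)\\", re.I)


def parse_event(line: str) -> Dict[str, str]:
    """Parse key=value pairs; quoted values may contain spaces."""
    return {m.group(1): m.group(3) if m.group(3) is not None else m.group(4)
            for m in _KV.finditer(line)}


def basename(path: str) -> str:
    return path.rsplit("\\", 1)[-1].lower()


def detect(lines: List[str]) -> List[Tuple[str, int]]:
    """Return (rule_name, event_index) findings over an ordered event stream."""
    findings: List[Tuple[str, int]] = []
    mounted = set()  # drive letters backed by a mounted image, in stream order
    for i, line in enumerate(lines):
        ev = parse_event(line)
        image = basename(ev.get("Image", ""))
        cmd = ev.get("CommandLine", "")
        if ev.get("EventID") == "ImageMount":
            mounted.add(ev.get("DriveLetter", "").upper())
            continue
        if ev.get("EventID") == "1":
            parent = basename(ev.get("ParentImage", ""))
            mentions_msbuild = image == "msbuild.exe" or "msbuild" in cmd.lower()
            if image == "msbuild.exe" and parent not in BUILD_PARENTS:
                findings.append(("msbuild_unusual_parent", i))
            if mentions_msbuild and parent == "explorer.exe":
                findings.append(("msbuild_launched_from_shell", i))
            if mentions_msbuild:
                drives = {d.upper() for d in _DRIVE.findall(cmd)}
                if drives & mounted:
                    findings.append(("msbuild_project_on_mounted_image", i))
            if any(p.search(cmd) for p in SHADOW_DELETE):
                findings.append(("shadow_copy_deletion", i))
        elif ev.get("EventID") == "3" and image == "msbuild.exe":
            # A build tool opening outbound connections is the download stage.
            findings.append(("msbuild_network_connection", i))
            if ev.get("DestinationHostname", "").lower() in KNOWN_C2:
                findings.append(("known_c2_domain", i))
    return findings


if __name__ == "__main__":
    for rule, idx in detect(SAMPLE_EVENTS):
        print(f"{rule:36s} event {idx}: {SAMPLE_EVENTS[idx][:80]}")
```

The mount correlation is the part worth keeping even if the rest is replaced by vendor rules: on its own, MSBuild with an odd parent is noisy on developer machines, but MSBuild reading a project from a drive that appeared a few seconds earlier as a mounted image, followed by msbuild.exe opening an HTTPS connection, is the shape of this chain. None of these rules depend on ETW on the affected host, which matters because the .NET stage tampers with ETW before the download runs.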
Affected enterprises and procurement leaders should note the breadth of data-targeting described — from browser artifacts and enterprise collaboration apps to cryptocurrency wallets and saved remote-access credentials — and prioritize protections and recovery planning for those classes of assets.
End users should be aware that a clean-looking legal-document lure can hide an ISO image containing a shortcut named like a PDF; interacting with such files can trigger a complex, in-memory chain that ultimately deploys ransomware.
The Avalon disclosure arrives alongside other AI-related malware research referenced by the same reporting. Sysdig documented an agentic ransomware infection codenamed JADEPUFFER that exploited a Langflow instance (CVE-2025-3248) to run an adaptive automated campaign. Palo Alto Networks Unit 42 described an implant that translates plaintext attacker instructions into shell commands through a public LLM API ("api.groq[.]com/openai/v1/chat/completions") and a Telegram bot; the artifact was uploaded to VirusTotal on March 11, 2026, and reportedly has zero detections across engines.
Avalon and CrownX underscore a shift in attack tradecraft described by Blackpoint Cyber: complex, multi-capability frameworks can be assembled and deployed with components that mask telemetry and actively degrade recovery, and AI-assisted development can compress the time and skill required to produce those components. Whether defenders can close that gap will depend on detection of the multi-stage signals outlined above and on reducing the opportunities that staged phishing chains exploit.