New Avalon Malware Framework Packs CrownX Ransomware Capabilities

Avalon is a modular malware framework delivering CrownX ransomware through multi-stage phishing attacks. It combines credential theft, lateral movement, and destructive ransomware with advanced evasion techniques. Organizations face full encryption and disk structure damage with limited recovery options.

CRITICAL | Advisory | Jul 05, 2026
Action required
Hunt for multi-stage phishing campaigns in email logs and monitor for lateral movement using stolen credentials. Block known Avalon IOCs at the network perimeter and scan endpoints for CrownX artifacts. Check for suspicious remote access tool installations on critical systems.
Affected products
Microsoft MSBuild, Proton Drive, Blackpoint Cyber