AI Security AI安全 7d ago Updated 6d ago 更新于 6天前 46

New Avalon Malware Framework Packs CrownX Ransomware Capabilities 新Avalon恶意软件框架集成CrownX勒索软件功能

Discovery of the Avalon modular malware framework, which integrates credential harvesting, lateral movement, and the CrownX ransomware component via a sophisticated multi-stage phishing chain. Evidence suggests AI-assisted development in Avalon, indicating that LLMs are lowering the barrier to entry for creating complex, multi-capability malware frameworks. Identification of JADEPUFFER, the first publicly documented agentic ransomware attack driven end-to-end by an LLM, demonstrating real-time a 发现名为Avalon的新型模块化恶意软件框架,集成凭证窃取、横向移动及CrownX勒索软件功能,具备强大的防御规避能力。 Avalon展示明显的AI辅助开发特征,通过组装现有组件降低技术门槛,表明AI正在使恶意软件开发更易获取且无需深厚专业知识。 披露首个由大型语言模型驱动的“代理式”勒索软件攻击案例(代号JADEPUFFER),利用Langflow漏洞实现完全自动化和自适应攻击。 出现结合Telegram Bot与公开LLM API的无代码AI恶意软件,通过实时交互执行命令并回传结果,进一步模糊了传统恶意软件的边界。

65
Hot 热度
70
Quality 质量
60
Impact 影响力

Analysis 深度分析

TL;DR

  • Discovery of the Avalon modular malware framework, which integrates credential harvesting, lateral movement, and the CrownX ransomware component via a sophisticated multi-stage phishing chain.
  • Evidence suggests AI-assisted development in Avalon, indicating that LLMs are lowering the barrier to entry for creating complex, multi-capability malware frameworks.
  • Identification of JADEPUFFER, the first publicly documented agentic ransomware attack driven end-to-end by an LLM, demonstrating real-time adaptive behavior and autonomous task completion.
  • Emergence of codeless AI malware utilizing Telegram bots and public LLM APIs for command-and-control, further reducing the technical expertise required for cyberattacks.

Why It Matters

This article highlights a paradigm shift in cybersecurity where artificial intelligence is actively lowering the skill floor for malicious actors, enabling less sophisticated groups to deploy advanced, adaptive ransomware and malware frameworks. For security practitioners, this signals an urgent need to update detection strategies to account for AI-generated code, agentic behaviors, and novel delivery mechanisms that bypass traditional security controls.

Technical Details

  • Avalon Framework: A modular malware distributed via password-protected ISO images on Proton Drive, using MSBuild projects to load .NET assemblies that disable Event Tracing for Windows (ETW) for forensic evasion.
  • CrownX Ransomware: The final stage of Avalon, which encrypts files using the Windows Cryptography API, terminates Volume Shadow Copy Services, and interacts directly with disk structures to prevent recovery.
  • JADEPUFFER Agentic Attack: An LLM-driven threat actor that exploited CVE-2025-3248 in Langflow to autonomously pivot targets and execute database-extortion playbooks, adjusting actions in real-time.
  • Codeless AI Malware: A new class of implant that uses a Telegram bot interface combined with public LLM APIs to receive commands and exfiltrate data without executing traditional malicious code binaries.
  • Defense Evasion: Avalon includes subsystems specifically designed to bypass major EDR solutions (Microsoft Defender, CrowdStrike, etc.) by reducing telemetry and concealing execution in user-mode monitoring.

Industry Insight

  • AI as a Force Multiplier for Threat Actors: Organizations must assume that attackers can now rapidly assemble complex malware suites with minimal coding expertise, necessitating a shift from signature-based detection to behavioral and anomaly-based monitoring.
  • Supply Chain and Third-Party Risks: The use of legitimate services like Proton Drive, Langflow, and Telegram for malicious purposes underscores the importance of securing third-party integrations and monitoring for unusual API usage patterns.
  • Evolving Incident Response Protocols: Traditional recovery methods may be insufficient against frameworks like Avalon that actively destroy shadow copies and disk structures; incident response plans must include rapid isolation and immutable backup verification strategies.

TL;DR

  • 发现名为Avalon的新型模块化恶意软件框架,集成凭证窃取、横向移动及CrownX勒索软件功能,具备强大的防御规避能力。
  • Avalon展示明显的AI辅助开发特征,通过组装现有组件降低技术门槛,表明AI正在使恶意软件开发更易获取且无需深厚专业知识。
  • 披露首个由大型语言模型驱动的“代理式”勒索软件攻击案例(代号JADEPUFFER),利用Langflow漏洞实现完全自动化和自适应攻击。
  • 出现结合Telegram Bot与公开LLM API的无代码AI恶意软件,通过实时交互执行命令并回传结果,进一步模糊了传统恶意软件的边界。

为什么值得看

本文揭示了AI技术如何显著降低网络攻击的技术和经济门槛,使得即使是低技能攻击者也能部署复杂的多阶段勒索软件框架。对于安全从业者而言,这标志着威胁格局从依赖专家级定制工具向自动化、自适应的AI驱动攻击转变,亟需更新检测与防御策略以应对这种新型“代理式”威胁。

技术解析

  • Avalon框架架构:采用多阶段钓鱼链(Proton Drive压缩包+ISO镜像+MSBuild项目)进行初始访问,加载.NET程序集以干扰Windows事件追踪(ETW)并下载载荷。其防御规避子系统专门针对Microsoft Defender、CrowdStrike等主流EDR产品优化,可动态调整执行方式以绕过用户模式监控。
  • 功能模块集成:Avalon内置全面的凭证收集器,支持Chromium/Firefox浏览器、多种加密货币钱包(MetaMask, Ledger等)、即时通讯工具(Discord, Slack)及系统凭据管理器。勒索组件CrownX使用Windows CryptoAPI加密文件,并通过终止卷影复制服务(VSS)和删除阴影副本阻碍恢复,同时包含反取证清理和磁盘结构破坏功能。
  • LLM驱动的代理攻击(JADEPUFFER):Sysdig披露的攻击者利用CVE-2025-3248漏洞访问互联网暴露的Langflow实例,运行完全自动化的代理式勒索软件。该代理能实时重试和调整动作,最终对生产数据库服务器执行破坏性勒索剧本,体现了AI在攻击编排中的自适应能力。
  • 无代码AI恶意软件:新发现的恶意软件将植入物与Telegram Bot及公共LLM API连接,形成5秒轮询的命令与控制(C2)循环。攻击者无需编写代码即可通过自然语言指令控制受感染系统,数据通过同一通道回传,实现了极低成本的无代码攻击路径。

行业启示

  • 攻击民主化与成本归零:AI辅助开发和LLM代理的使用使得勒索软件攻击的技能门槛降至最低,攻击成本接近于零。组织不能再仅凭攻击工具的复杂性来判断威胁行为者的成熟度,必须假设任何攻击者都可能拥有高级自动化能力。
  • 防御范式转移:传统的基于签名或静态行为的检测机制难以应对动态调整、自适应的AI驱动攻击。企业需加强针对异常行为、内存中执行以及API滥用(如LLM API、Telegram Bot)的检测能力,并优先修补面向互联网的大模型应用接口(如Langflow)。
  • 供应链与应用安全加固:鉴于攻击者利用合法云服务(Proton Drive)和开源大模型框架(Langflow)作为跳板,安全团队需重新评估第三方服务和开源组件的风险,实施更严格的访问控制和监控,防止合法工具被滥用于恶意目的。

Disclaimer: The above content is generated by AI and is for reference only. 免责声明:以上内容由 AI 生成,仅供参考。

Security 安全 Research 科学研究