Hackers Are Using AI to Build a Modular Malware Framework Called Avalon

There’s a new kind of malware making the rounds, and it was built with help from generative AI. Security firm Blackpoint has uncovered a modular framework called Avalon — a tool that lets hackers pick and choose attack components like ordering from a menu.

Until now, most AI-generated malware was limited to single-purpose tools: a backdoor here, a ransomware payload there, or a standalone credential stealer. Avalon is different. It’s a unified framework that bundles multiple attack capabilities under one roof. Hackers load only the components they need for a given target, making the system far more adaptable than traditional one-off malware.

Blackpoint’s analysis shows the attack chain starts with phishing. Once the hackers gain access to a victim’s device, Avalon gets to work: stealing system credentials, destroying backup files, and deploying the CrownX ransomware module to encrypt files on the compromised machine.

What caught researchers’ attention isn’t just what Avalon does — it’s how it was made. The code bears clear AI-generation fingerprints. Blackpoint notes that the framework’s creators don’t appear to have strong programming skills, yet they managed to assemble a complex, multi-component attack system. That’s a signal worth paying attention to.

Generative AI has been lowering the barrier for all kinds of technical work, and malware development is no exception. Tasks that once required deep expertise — writing functional ransomware, integrating credential theft with encryption routines — are now within reach for less skilled attackers. Avalon shows that the quality gap between amateur and professional malware is narrowing, and that’s a problem enterprise security teams will have to grapple with.