Close Menu
  • Home
  • News
  • Cyber Security
  • Internet of Things
  • Tips and Advice

Subscribe to Updates

Get the latest creative news from FooBar about art, design and business.

What's Hot

Opera GX Flaw Let Sites Auto-Install Mods to Steal Data

July 6, 2026

Langflow RCE Exploited to Deploy Monero Miner on Exposed AI App Endpoints

July 6, 2026

New Iran-Nexus Hacking Group Targets Israel Government and IT Sectors

July 6, 2026
Facebook X (Twitter) Instagram
Monday, July 6
Facebook X (Twitter) Instagram Pinterest Vimeo
Cyberwire Daily
  • Home
  • News
  • Cyber Security
  • Internet of Things
  • Tips and Advice
Cyberwire Daily
Home»News»Langflow RCE Exploited to Deploy Monero Miner on Exposed AI App Endpoints
News

Langflow RCE Exploited to Deploy Monero Miner on Exposed AI App Endpoints

Team-CWDBy Team-CWDJuly 6, 2026No Comments4 Mins Read
Share Facebook Twitter Pinterest LinkedIn Tumblr Reddit Telegram Email
Share
Facebook Twitter LinkedIn Pinterest Email


Threat actors are continuing to exploit a critical Langflow vulnerability as part of fresh attacks designed to deliver a Monero cryptocurrency miner.

The activity has been found to weaponize CVE-2026-33017 (CVSS score: 9.3), an unauthenticated remote code execution (RCE) vulnerability in Langflow, indicating threat actors are scanning and targeting exposed artificial intelligence (AI) application endpoints for obtaining initial access to enterprise networks. The attack was observed over a 19-day window between March 27 and April 15, 2026.

“In this campaign, a single line of Python code evaluated inside an unauthenticated Langflow API endpoint pulls down a shell script, fetches a miner binary, and launches it detached,” Trend Micro researchers Simon Dulude and John Zhang said in a technical report published last week.

At a high level, the malware is designed to terminate competing cryptocurrency miner processes associated with Kinsing, WatchDog, Rocke, and Outlaw, delete rival wallet and key material, disable host-level security controls, establish cron-based persistence, beacon to an external server (“83.142.209[.]214:80), and deploy a custom miner. It can also propagate to other systems through reused SSH keys, effectively turning an exposed Langflow instance into a pathway for broader compromise.

This involves exploiting the Langflow flaw to run an attacker-supplied Python script, which, in turn, is configured to launch a remotely hosted shell script that acts as a dropper whose primary responsibility is to check if a binary called “lambsys” is already running on the host.

Subsequently, it downloads the binary on the machine using curl or wget, launches it as a detached process, and spreads itself to every SSH-reachable host the victim can authenticate to. The binary, an ELF executable written in Go, is also engineered to disable AppArmor, Ubuntu’s Uncomplicated Firewall, iptables, SELinux, the kernel NMI watchdog, and Alibaba Cloud’s Aliyun agent.

In addition, the malware removes system logs to cover up the tracks, and removes the immutable attribute from files like “~/.ssh/,” “~/.ssh/authorized_keys,” “/etc/crontab,” and “/etc/ld.so.preload,” “/tmp/,” “/var/tmp/,” and “/var/spool/cron” in order to make its modifications, and then reapplies the immutable attribute to “/tmp/” and “/var/tmp/.”

Illicit cryptocurrency mining operations are known to set the “chattr +i” attribute on these files to ensure that they cannot be modified, renamed, or deleted by any user, including the superuser. The binary’s behavior reflects that the threat actor behind the operation is aware of persistence methods adopted by rival cryptojacking groups.

In the final stage, the binary contacts the same server to fetch a TAR archive and extracts from it a bespoke XMRig miner. Once the miner begins execution, the archive file is wiped from the file system. It further sends a request to ipinfo[.]io to obtain the host’s public IP address and location, allowing the threat actors to make operational decisions on the fly.

The first is pool selection. Given that mining pools tend to be geographically distributed, connecting the miner to a pool near the victim can minimize latency and maximize hash rate. The second reason behind obtaining this information is geo-fencing, as it gives the threat actors a way to exclude victims in certain regions.

“Lambsys does not run its attack logic as Go functions,” the researchers explained. “Instead, it forks a cascade of short-lived sh -c subprocesses, each executing one shell command (one pkill, one chattr, one sysctl). The design trades stealth for reliability. If one of 51 pkill commands fails, the failure is contained to that subprocess, and the other 50 carry on.”

Trend Micro said an artifact belonging to the previous iteration of the same binary was compiled in May 2024, indicating that the threat actors behind the campaign have likely been iterating on the family for over two years, while taking steps to evade detection by antivirus tools.

Over the past year, a number of security flaws in Langflow have come under active exploitation. In June 2025, another critical vulnerability (CVE-2025-3248, CVSS score: 9.8) was abused to distribute the Flodrix botnet malware.

“This cryptocurrency-mining campaign shows how exposed AI application endpoints are becoming another route into enterprise environments,” Trend Micro said. “The payload might be familiar, but the delivery vector is not. A Langflow vulnerability gives commodity cryptominer operators a new front door into systems running AI application infrastructure.”



Source

Share. Facebook Twitter Pinterest LinkedIn Tumblr Email
Previous ArticleNew Iran-Nexus Hacking Group Targets Israel Government and IT Sectors
Next Article Opera GX Flaw Let Sites Auto-Install Mods to Steal Data
Team-CWD
  • Website

Related Posts

News

Opera GX Flaw Let Sites Auto-Install Mods to Steal Data

July 6, 2026
News

New Iran-Nexus Hacking Group Targets Israel Government and IT Sectors

July 6, 2026
News

Silent Swap Crypto Clipper Uses Fake Google Notes Extension to Replace Wallet Addresses

July 6, 2026
Add A Comment
Leave A Reply Cancel Reply

Latest News

North Korean Hackers Turn JSON Services into Covert Malware Delivery Channels

November 24, 202522 Views

macOS Stealer Campaign Uses “Cracked” App Lures to Bypass Apple Securi

September 7, 202517 Views

North Korean Hackers Target Crypto Firms with ClickFix and Zoom Lures

April 29, 202610 Views

Why SOC Burnout Can Be Avoided: Practical Steps

November 14, 20259 Views

Cyber M&A Roundup: Cyber Giants Strengthen AI Security Offerings

December 1, 20258 Views
Stay In Touch
  • Facebook
  • YouTube
  • TikTok
  • WhatsApp
  • Twitter
  • Instagram
Most Popular

North Korean Hackers Turn JSON Services into Covert Malware Delivery Channels

November 24, 202522 Views

macOS Stealer Campaign Uses “Cracked” App Lures to Bypass Apple Securi

September 7, 202517 Views

North Korean Hackers Target Crypto Firms with ClickFix and Zoom Lures

April 29, 202610 Views
Our Picks

How to tell if a voice call is AI or not

February 23, 2026

Why that next data breach alert could be a trap

April 18, 2026

What are brushing scams and how do I stay safe?

December 24, 2025

Subscribe to Updates

Get the latest news from cyberwiredaily.com

Facebook X (Twitter) Instagram Pinterest
  • Home
  • Contact
  • Privacy Policy
  • Terms of Use
  • California Consumer Privacy Act (CCPA)
© 2026 All rights reserved.

Type above and press Enter to search. Press Esc to cancel.