From Langflow to Monero: Inside CVE-2026-33017 Cryptominer

This campaign exploited CVE-2026-33017 in Langflow to deliver a cryptocurrency-mining toolchain that disables defenses, establishes persistence, and spreads via reused SSH keys. The operators used the infrastructure 83.142.209.214 and a customized XMRig miner named procq, while also reusing tactics linked to the KORKERDS and MALXMR.UWEKB lineage. #Langflow #CVE-2026-33017 #procq #KORKERDS #MALXMR.UWEKB

Keypoints

  • Exploit activity targeted Langflow’s unauthenticated /api/v1/build_public_tmp/{flow_id}/flow endpoint through CVE-2026-33017.
  • The initial payload used Python code execution to download and run isp.sh from 83.142.209.214.
  • isp.sh deployed lambsys, created persistence in /var/tmp/.xlamb/, and attempted lateral movement through SSH key reuse.
  • lambsys disabled security controls including AppArmor, UFW, iptables, SELinux, the NMI watchdog, and Aliyun security tooling.
  • The malware killed rival miners, removed competing accounts such as akay and vfinder, and cleared logs to reduce visibility.
  • It downloaded ks.tar, verified it with a hardcoded MD5, and extracted a customized XMRig miner called procq.
  • The campaign showed overlaps with prior miner families and techniques associated with KORKERDS and MALXMR.UWEKB.
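As an added example, not code from the Trend Micro write-up, the following Python script turns the first two keypoints into a log-side detection: it parses combined-format access logs from the proxy in front of Langflow, flags any POST to the unauthenticated /api/v1/build_public_tmp/{flow_id}/flow endpoint, and applies the report's "10 requests in five seconds" heuristic to surface the recon burst that preceded exploitation. The sample log lines, source IPs, flow_id and user agents are constructed placeholders; the endpoint path and the burst threshold are the only values taken from the page.

```python
"""Access-log detection for CVE-2026-33017 exploitation attempts against Langflow."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Combined log format: ip ident user [ts] "METHOD path proto" status bytes "referer" "ua"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"[^"]*" "(?P<ua>[^"]*)"$'
)
# The unauthenticated Langflow endpoint abused by the campaign; {flow_id} is attacker-chosen.
VULN_ENDPOINT_RE = re.compile(r'^/api/v1/build_public_tmp/[^/]+/flow(?:\?.*)?$')

BURST_COUNT = 10                      # recon heuristic from the report: 10 requests ...
BURST_WINDOW = timedelta(seconds=5)   # ... within five seconds from one source


def parse_line(line):
    """Parse one combined-format line into a dict, or return None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%d/%b/%Y:%H:%M:%S %z")
    return rec


def has_burst(timestamps):
    """True if any BURST_COUNT requests fall inside one BURST_WINDOW span."""
    ts = sorted(timestamps)
    for i in range(len(ts) - BURST_COUNT + 1):
        if ts[i + BURST_COUNT - 1] - ts[i] <= BURST_WINDOW:
            return True
    return False


def analyze_access_log(text):
    """Return exploit attempts, burst scanners and per-IP user-agent variety."""
    per_ip_ts = defaultdict(list)
    per_ip_ua = defaultdict(set)
    exploit_attempts = []
    for line in text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        per_ip_ts[rec["ip"]].append(rec["ts"])
        per_ip_ua[rec["ip"]].add(rec["ua"])
        # The endpoint needs no authentication, so every POST to it is worth an
        # alert regardless of status; the response code is kept for triage.
        if rec["method"] == "POST" and VULN_ENDPOINT_RE.match(rec["path"]):
            exploit_attempts.append((rec["ip"], rec["path"], int(rec["status"])))
    scanners = sorted(ip for ip, stamps in per_ip_ts.items() if has_burst(stamps))
    return {
        "exploit_attempts": exploit_attempts,
        "scanners": scanners,
        "user_agents": {ip: len(uas) for ip, uas in per_ip_ua.items()},
    }


def _entry(ip, second, method, path, ua):
    """Build one constructed log line (all values are placeholders)."""
    return (f'{ip} - - [10/Jun/2026:12:00:{second:02d} +0000] '
            f'"{method} {path} HTTP/1.1" 200 17 "-" "{ua}"')


# Constructed sample: ten probes in four seconds with rotating user agents,
# then the exploit POST from the same source, then an unrelated visitor.
SAMPLE_LOG = "\n".join(
    [_entry("203.0.113.7", s // 2, "GET", "/api/v1/version", f"probe/{s % 3}") for s in range(10)]
    + [_entry("203.0.113.7", 30, "POST", "/api/v1/build_public_tmp/abc-123/flow", "python-requests/2.31"),
       _entry("198.51.100.9", 41, "GET", "/", "Mozilla/5.0")]
)

if __name__ == "__main__":
    for key, value in analyze_access_log(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

Feed analyze_access_log the real access log of the reverse proxy or of Langflow itself. A burst with rotating user agents but no POST is consistent with the mass scanning the report describes; a POST to the endpoint is the event to escalate, because the report states that the flow body is evaluated as Python inside the Langflow process.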

MITRE Techniques

  • [T1595.002 ] Active Scanning – Threat actors performed recon against exposed Langflow endpoints with varied user agents before exploitation (‘10 requests in five seconds’, ‘mass-scanning unauthenticated AI application endpoints’).
  • [T1190 ] Exploit Public-Facing Application – CVE-2026-33017 was used against Langflow’s unauthenticated API endpoint to gain code execution (‘an unauthenticated POST to Langflow’s /api/v1/build_public_tmp/{flow_id}/flow endpoint’).
  • [T1059.006 ] Command and Scripting Interpreter: Python – Attacker-controlled Python was evaluated inside the Langflow process (‘__import__('os').system(…)’).
  • [T1059.004 ] Command and Scripting Interpreter: Unix Shell – The attack chain used shell execution via curl | sh and wget | sh (‘curl … | sh’, ‘wget -O - … | sh’).
  • [T1105 ] Ingress Tool Transfer – Payloads including isp.sh, lambsys, and ks.tar were downloaded from the attacker server (‘downloads lambsys binary via curl or wget’, ‘Downloads ks.tar’).
  • [T1053.003 ] Scheduled Task/Job: Cron – lambsys created cron-based persistence that checked and relaunched the miner (‘plant two persistence watchdogs: a cron job every five minutes’).
  • [T1543.004 ] Create or Modify System Process – The malware disabled startup/security services and manipulated boot-time behavior (‘service apparmor stop’, ‘systemctl disable aliyun.service’).
  • [T1562.001 ] Impair Defenses: Disable or Modify Tools – Security products and system protections were disabled (‘Disable AppArmor, UFW, iptables, SELinux, the kernel NMI watchdog’).
  • [T1562.004 ] Impair Defenses: Disable Firewall – Network filtering was removed to allow miner and beacon traffic (‘ufw disable’, ‘iptables -F’).
  • [T1222 ] File and Directory Permissions Modification – chattr was used to strip or set immutable/append-only flags on persistence and SSH paths (‘chattr -iua /tmp/’, ‘chattr +iua /var/tmp and /tmp’).
  • [T1070.002 ] Indicator Removal on Host: Clear Linux or Mac System Logs – The malware deleted syslog to erase evidence (‘rm -rf /var/log/syslog’).
  • [T1070.004 ] Indicator Removal on Host: File Deletion – The operator removed logs and cleanup artifacts from the host (‘rm -rf /var/log/syslog’, ‘rm -rf ks.tar’).
  • [T1021.004 ] Remote Services: SSH – isp.sh used SSH to move laterally to reachable hosts with BatchMode and known_hosts enumeration (‘spread itself to every SSH-reachable host’).
  • [T1552.004 ] Unsecured Credentials: Private Keys – The worm enumerated SSH private keys and agent sockets for lateral movement (‘id_rsa, id_ed25519, or id_dsa’).
  • [T1016 ] System Network Configuration Discovery – The malware enumerated connectivity and reachable hosts through SSH-related files and sockets (‘known_hosts parsing to enumerate reachable hosts’).
  • [T1082 ] System Information Discovery – The campaign queried system identity and environment details (‘id’, ‘uname’, ‘/etc/os-release’).
  • [T1083 ] File and Directory Discovery – The dropper checked for existing binaries and searched for miner artifacts (‘checks whether a binary called lambsys is already running’).
  • [T1614 ] System Location Discovery – The malware queried ipinfo.io to learn the victim’s public location and ASN (‘DNS lookup for ipinfo.io’).
  • [T1496 ] Resource Hijacking – The customized XMRig miner used victim CPU resources for Monero mining (‘begun beaconing to its C&C’, ‘connects to a pool on TCP/3333’).
  • [T1531 ] Account Access Removal – The malware deleted competing miner-related accounts (‘userdel akay’, ‘userdel vfinder’).
  • [T1574.006 ] Hijack Execution Flow: Dynamic Linker Hijacking – The analysis notes cleanup of /etc/ld.so.preload used by LD_PRELOAD-based rootkits (‘rm -f /etc/ld.so.preload’).
  • [T1036.005 ] Masquerading: Match Legitimate Resource Name or Location – The miner used misleading names and paths to blend in (‘SystemMonitor/6.25.0’, hidden directory names, innocent-looking component labels).
  • [T1027 ] Obfuscated Files or Information – The malware hid payloads in obfuscated directories and packed binaries with UPX (‘triple-dot-space hidden directory’, ‘UPX-packed Go binary’).
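The T1021.004 and T1552.004 entries describe a worm that reuses whatever private keys, agent sockets and known_hosts entries it finds in ~/.ssh. As an added example, not part of the report, the Python audit below inventories exactly that material from a defender's side: it classifies each key file as passphrase-protected or not (parsing the openssh-key-v1 header's ciphername, PKCS#8 headers, and the legacy PEM Proc-Type line), counts known_hosts entries that are not hashed (HashKnownHosts yes makes them useless for host enumeration), and reports whether an agent socket is exposed via SSH_AUTH_SOCK. The key file names come from the page, with id_ecdsa added; the demo directory, key blobs and known_hosts lines are constructed fixtures, not real keys.

```python
"""Audit a ~/.ssh directory for the material an SSH-spreading worm would reuse."""
import base64
import os
import struct
import tempfile
from pathlib import Path

# File names the report says the worm looks for; id_ecdsa is added here for completeness.
KEY_NAMES = ("id_rsa", "id_ed25519", "id_dsa", "id_ecdsa")
OPENSSH_MAGIC = b"openssh-key-v1\x00"


def _ssh_string(data):
    """Encode bytes as an SSH wire string (uint32 big-endian length + payload)."""
    return struct.pack(">I", len(data)) + data


def _read_ssh_string(buf, off):
    (n,) = struct.unpack(">I", buf[off:off + 4])
    return buf[off + 4:off + 4 + n], off + 4 + n


def key_is_encrypted(text):
    """True if the private key needs a passphrase, False if usable as-is, None if unrecognised."""
    lines = text.strip().splitlines()
    if not lines or not lines[0].startswith("-----BEGIN "):
        return None
    header = lines[0]
    if header == "-----BEGIN OPENSSH PRIVATE KEY-----":
        body = base64.b64decode("".join(lines[1:-1]))
        if not body.startswith(OPENSSH_MAGIC):
            return None
        # openssh-key-v1 layout: magic, string ciphername, string kdfname, string kdfoptions, ...
        cipher, _ = _read_ssh_string(body, len(OPENSSH_MAGIC))
        return cipher != b"none"
    if header == "-----BEGIN ENCRYPTED PRIVATE KEY-----":   # PKCS#8, encrypted
        return True
    if header == "-----BEGIN PRIVATE KEY-----":             # PKCS#8, cleartext
        return False
    # Legacy PEM (RSA/DSA/EC PRIVATE KEY): a passphrase shows up as a Proc-Type header.
    return any(l.startswith("Proc-Type:") and "ENCRYPTED" in l for l in lines[1:])


def audit_ssh_dir(ssh_dir, env=None):
    """Summarise key, known_hosts and agent exposure for one ~/.ssh directory."""
    env = os.environ if env is None else env
    ssh_dir = Path(ssh_dir)
    result = {"unencrypted_keys": [], "encrypted_keys": [], "unrecognised": [],
              "known_hosts_total": 0, "known_hosts_unhashed": 0,
              "agent_socket": "SSH_AUTH_SOCK" in env}
    for name in KEY_NAMES:
        path = ssh_dir / name
        if not path.is_file():
            continue
        state = key_is_encrypted(path.read_text(errors="replace"))
        bucket = {True: "encrypted_keys", False: "unencrypted_keys", None: "unrecognised"}[state]
        result[bucket].append(name)
    kh = ssh_dir / "known_hosts"
    if kh.is_file():
        for line in kh.read_text(errors="replace").splitlines():
            if not line.strip() or line.startswith("#"):
                continue
            result["known_hosts_total"] += 1
            # HashKnownHosts yes writes "|1|salt|hash" entries, which cannot be turned into targets.
            if not line.startswith("|1|"):
                result["known_hosts_unhashed"] += 1
    return result


def _fake_openssh_key(cipher):
    """Constructed openssh-key-v1 blob with just enough header for the parser; not a real key."""
    body = OPENSSH_MAGIC + _ssh_string(cipher) + _ssh_string(b"none") + _ssh_string(b"")
    body += struct.pack(">I", 1) + _ssh_string(b"") + _ssh_string(b"")
    b64 = base64.b64encode(body).decode()
    return "-----BEGIN OPENSSH PRIVATE KEY-----\n" + b64 + "\n-----END OPENSSH PRIVATE KEY-----\n"


def demo():
    """Build a constructed ~/.ssh in a temp dir (placeholder keys and hosts) and audit it."""
    with tempfile.TemporaryDirectory() as tmp:
        d = Path(tmp)
        (d / "id_ed25519").write_text(_fake_openssh_key(b"none"))
        (d / "id_rsa").write_text(_fake_openssh_key(b"aes256-ctr"))
        (d / "known_hosts").write_text(
            "10.0.0.5 ssh-ed25519 AAAAC3placeholder\n"
            "[10.0.0.6]:2222 ssh-rsa AAAAB3placeholder\n"
            "|1|c2FsdA==|aGFzaA== ssh-ed25519 AAAAC3placeholder\n")
        return audit_ssh_dir(d, env={})


if __name__ == "__main__":
    print(demo())
```

Run audit_ssh_dir against each home directory on a host that had Langflow exposed; every entry in unencrypted_keys is a credential the dropper could have used without any further cracking, and a non-zero known_hosts_unhashed count is the target list it could have enumerated.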

Indicators of Compromise

  • [IP addresses ] attacker infrastructure and C&C – 83.142.209.214, 94.156.64.241
  • [URIs / endpoints ] Langflow exploitation and beaconing – /api/v1/build_public_tmp/{flow_id}/flow, /status.php, /setup_status.php
  • [File names ] dropper, miner, and persistence artifacts – isp.sh, lambsys.elf, ks.tar, procq, init_rmount
  • [File paths ] hidden persistence and staging locations – /var/tmp/.xlamb/, /var/tmp/init_rmount, /var/log/syslog, /tmp/.X11-unix/01
  • [User/host artifacts ] competing account names and SSH artifacts – akay, vfinder, ~/.ssh/known_hosts, ~/.ssh/authorized_keys
  • [Hashes ] payload integrity checks and sample identifiers – MD5 46096a72d84db5f1dafd944fcf6571c8, and 2 more hashes
  • [Network ports ] mining, staging, and beaconing ports – TCP/8080, TCP/80, TCP/3333
  • [Wallets ] mining payout address – 47VVuaLN…JkjbZT31
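As an added example, not part of the report, the following Python triage script applies the host-side indicators from the list above to a filesystem root (the live system, or a mounted disk image) and to a captured process listing: it checks the hidden persistence paths, hashes files in the staging directories against the published MD5, looks for cron entries that reference the miner's artifacts, and matches the artifact names against process command lines. The paths, file names and MD5 are the ones on the page; the temp-directory layout and process lines in demo() are constructed fixtures.

```python
"""Host triage for the filesystem, cron and process indicators of the procq miner campaign."""
import hashlib
import re
import tempfile
from pathlib import Path

# Indicators from the report; the MD5 is the one the report publishes.
KNOWN_MD5 = {"46096a72d84db5f1dafd944fcf6571c8"}
SUSPECT_PATHS = ("var/tmp/.xlamb", "var/tmp/init_rmount", "tmp/.X11-unix/01", "etc/ld.so.preload")
SUSPECT_NAMES = {"isp.sh", "lambsys", "lambsys.elf", "ks.tar", "procq", "init_rmount"}
STAGING_DIRS = ("var/tmp", "tmp")
CRON_DIRS = ("etc/cron.d", "var/spool/cron/crontabs", "var/spool/cron")
ARTIFACT_RE = re.compile(r"\.xlamb|\b(?:procq|lambsys|init_rmount|isp\.sh)\b")
MAX_HASH_BYTES = 50 * 2**20   # skip very large files when hashing staging directories


def md5_of_bytes(data):
    return hashlib.md5(data).hexdigest()


def triage_host(root="/", ps_output=""):
    """Walk a filesystem root and a ps listing; return (kind, detail) findings."""
    root = Path(root)
    findings = []
    for rel in SUSPECT_PATHS:
        if (root / rel).exists():
            findings.append(("path_present", str(root / rel)))
    for rel in STAGING_DIRS:
        base = root / rel
        if not base.is_dir():
            continue
        for f in base.rglob("*"):
            if f.is_symlink() or not f.is_file():
                continue
            if f.name in SUSPECT_NAMES:
                findings.append(("suspect_name", str(f)))
            try:
                if f.stat().st_size <= MAX_HASH_BYTES and md5_of_bytes(f.read_bytes()) in KNOWN_MD5:
                    findings.append(("known_hash", str(f)))
            except OSError:
                pass   # unreadable file; not this script's concern
    for rel in CRON_DIRS:
        base = root / rel
        if not base.is_dir():
            continue
        for f in base.iterdir():
            if f.is_file() and ARTIFACT_RE.search(f.read_text(errors="replace")):
                findings.append(("cron_reference", str(f)))
    # Weak signal: the dropper deletes /var/log/syslog, but journald-only hosts never have it.
    if (root / "var/log").is_dir() and not (root / "var/log/syslog").exists():
        findings.append(("syslog_missing", str(root / "var/log/syslog")))
    for line in ps_output.splitlines():
        if ARTIFACT_RE.search(line):
            findings.append(("process", line.strip()))
    return findings


def demo():
    """Constructed infected layout in a temp dir; file contents and ps lines are placeholders."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "var/tmp/.xlamb").mkdir(parents=True)
        (root / "var/tmp/.xlamb/procq").write_bytes(b"placeholder, not a miner")
        (root / "etc/cron.d").mkdir(parents=True)
        (root / "etc/cron.d/update").write_text("*/5 * * * * root /var/tmp/.xlamb/procq\n")
        (root / "var/log").mkdir(parents=True)
        ps = ("root  1     0.0 /sbin/init\n"
              "root  4242  99.7 /var/tmp/.xlamb/procq\n")
        return triage_host(root, ps)


if __name__ == "__main__":
    for kind, detail in demo():
        print(f"{kind}: {detail}")
```

On a live host pass the output of ps -eo user,pid,pcpu,args as ps_output; a process with near-100% CPU under /var/tmp/.xlamb, a five-minute cron entry pointing at it, or a file in the staging directories matching the published MD5 each independently confirm the infection described above.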


Read more: https://www.trendmicro.com/en_us/research/26/f/from-langflow-to-monero-inside-cve-2026-33017-cryptominer.html