At least 39 rival malware families appear on a kill list used by a new Langflow cryptominer malware campaign. Threat actors now target exposed artificial intelligence application endpoints to breach enterprise networks. They exploit CVE-2026-33017, which is a critical remote code execution vulnerability. Consequently, attackers hijack servers to mine cryptocurrency.
At a glance
- Malware Family: Modified KORKERDS/MALXMR variant
- Threat Actor: Suspected independent operator (unconfirmed)
- Target or Victims: Exposed Langflow instances (victim count unknown)
- Delivery Vector: CVE-2026-33017 (Unauthenticated RCE)
- Key Capabilities: Cryptomining, SSH worm propagation, defense evasion
- Source: TrendAI Research
TL;DR
A new Langflow cryptominer malware campaign actively exploits unpatched AI endpoints. Attackers use CVE-2026-33017 to bypass authentication and execute malicious code. Administrators must patch immediately to prevent resource hijacking and lateral movement across their networks.
Delivery
The campaign begins by scanning the internet for exposed Langflow instances. Hackers specifically hunt for servers running vulnerable software versions. Next, they exploit CVE-2026-33017 to gain initial system access. This flaw allows unauthenticated remote code execution. Therefore, attackers bypass normal login procedures entirely. The payload delivers a customized cryptocurrency miner directly to the host system.
This delivery method marks a clear shift in cybercrime tactics. The underlying cryptomining tools are not new. However, attackers increasingly view AI infrastructure as an easy entry point. This specific vulnerability gives commodity malware operators a new front door. They can easily infiltrate systems running modern AI applications. The malware consumes massive amounts of system resources. This activity degrades server performance and heavily increases cloud computing costs. Many organizations fail to monitor their AI endpoints for such resource spikes.
Infection chain
Once inside, the Langflow cryptominer malware acts quickly to secure its position. First, it disables host-level security controls to avoid detection. Then, the malware deploys a modified payload based on the KORKERDS playbook. Interestingly, the operators rewrote the original toolchain using the Go programming language. The malware establishes persistence so it survives system reboots. It uses a novel file named init_rmount during this phase.
Furthermore, the infection creates a specialized kill list containing 39 targets. The malware uses this list to find and terminate competing malware families, including modern threats such as Kinsing. It also deletes specific user accounts, such as akay and vfinder, which prevents other attackers from accessing the compromised machine.
Next, the malware searches the infected machine for reused SSH keys. It uses these stolen keys to spread to other connected systems. This SSH worm capability is highly dangerous. It turns a single exposed Langflow server into a bridgehead for broader network compromise.
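The SSH worm described above only spreads as far as a stolen key is trusted, so the first defensive question is "which keys are trusted on more than one host?" The following script is an added example written for this article, not code from the Langflow project or from the TrendAI Research report. It takes an inventory of authorized_keys contents collected from several hosts (the three hosts, host names and key material below are constructed for the example; the key blobs have the right wire format but are not real keys), computes each key's SHA256 fingerprint in the same form that `ssh-keygen -lf` prints, and reports every key trusted on more than one host. Those are the keys whose rotation shrinks the blast radius of a single compromised server.

```python
import base64
import hashlib
import struct
from collections import defaultdict

# Key-type tokens that can appear in an authorized_keys line (after optional options).
KEY_TYPES = ("ssh-ed25519", "ssh-rsa", "ecdsa-sha2-nistp256", "ecdsa-sha2-nistp384",
             "ecdsa-sha2-nistp521", "sk-ssh-ed25519@openssh.com",
             "sk-ecdsa-sha2-nistp256@openssh.com")


def _ssh_string(data: bytes) -> bytes:
    """Length-prefixed string as used inside OpenSSH public-key blobs."""
    return struct.pack(">I", len(data)) + data


def make_ed25519_line(seed: bytes, comment: str) -> str:
    """Build a syntactically valid ssh-ed25519 authorized_keys line from a
    CONSTRUCTED 32-byte value. The value is not a real key; it only gives
    the example something with the correct wire format to fingerprint."""
    assert len(seed) == 32
    blob = _ssh_string(b"ssh-ed25519") + _ssh_string(seed)
    return f"ssh-ed25519 {base64.b64encode(blob).decode()} {comment}"


def fingerprint(line: str) -> str:
    """SHA256 fingerprint of one authorized_keys line, in the form that
    `ssh-keygen -lf` prints (base64 without '=' padding)."""
    tokens = line.split()
    for i, tok in enumerate(tokens):
        if tok in KEY_TYPES:
            blob = base64.b64decode(tokens[i + 1])
            digest = hashlib.sha256(blob).digest()
            return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")
    raise ValueError(f"no recognised key type in line: {line!r}")


def find_reused_keys(authorized_keys_by_host):
    """Return {fingerprint: sorted hosts} for every key trusted on more than
    one host. Input maps a host name to the text of its authorized_keys."""
    hosts_by_fp = defaultdict(set)
    for host, content in authorized_keys_by_host.items():
        for raw in content.splitlines():
            line = raw.strip()
            if not line or line.startswith("#"):
                continue
            hosts_by_fp[fingerprint(line)].add(host)
    return {fp: sorted(hosts) for fp, hosts in hosts_by_fp.items() if len(hosts) > 1}


# CONSTRUCTED inventory: three hosts, three keys. Key A is trusted everywhere,
# key B only on the Langflow host, key C on the two application servers.
KEY_A = make_ed25519_line(b"\x01" * 32, "ops-shared")
KEY_B = make_ed25519_line(b"\x02" * 32, "langflow-deploy")
KEY_C = make_ed25519_line(b"\x03" * 32, "app-deploy")

SAMPLE_INVENTORY = {
    "langflow-01": "# root's authorized_keys\n" + KEY_A + "\n" + KEY_B + "\n",
    "app-01": KEY_A + "\n" + KEY_C + "\n",
    "app-02": KEY_A + "\n" + KEY_C + "\n",
}

if __name__ == "__main__":
    for fp, hosts in find_reused_keys(SAMPLE_INVENTORY).items():
        print(f"{fp} trusted on {len(hosts)} hosts: {', '.join(hosts)}")
```

On the constructed inventory the shared operations key and the application deploy key are reported; the key trusted only on the Langflow host is not, because stealing it from that host gains the worm nothing it does not already have. In a real run the inventory would be gathered from `~/.ssh/authorized_keys` for every account on every host, and any fingerprint found on the compromised server that also appears elsewhere goes on the rotation list.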
Command-and-control and data-exfiltration behaviour
Researchers observed distinct command-and-control patterns during their analysis. The miner directs its proceeds to a previously unseen cryptocurrency wallet and receives mining instructions from external servers. The operators actively maintain their toolchain between attack waves, making iterative engineering decisions to improve their attacks.
The original malware playbook was freely available online; anyone could copy the encoded text and deploy it. This threat actor instead built a completely new framework around those old patterns and introduced novel capabilities that reflect modern ecosystem knowledge. The inclusion of a 2024-era kill list shows they understand the current threat landscape.
Regarding attribution, analysts suspect an independent operator runs this campaign. However, this attribution remains unconfirmed. According to a TrendAI Research analysis, “The simplest explanation is technique inheritance from a public source.” The attacker likely adapted a public Pastebin playbook. They combined old, Base64-encoded techniques with new Go-based engineering. Victim numbers remain completely unknown at this time.
Defense or detection guidance
Organizations must secure their AI applications immediately to stop this Langflow cryptominer malware. Administrators should update Langflow to version 1.9.0 or later. This update contains critical security fixes. Specifically, version 1.9.0.dev8 introduces a strict remediation. It prevents public flows from accepting untrusted, attacker-controlled data.
Additionally, teams must restrict public access to all Langflow instances. You should review service privileges and enforce the principle of least privilege. Defenders must check system logs for any signs of attempted exploitation. Treat any sign of compromise as a serious security incident. Do not assume the damage is limited to just cryptocurrency mining. The SSH worm component means attackers might have installed secondary backdoors. Security teams must conduct thorough forensic investigations on all linked servers. If you detect a compromise, you must rotate all exposed SSH keys. Finally, inspect all connected systems for unauthorized lateral movement.
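The guidance above asks defenders to check logs for signs of compromise and to treat a hit as more than a mining incident. The script below is an added example written for this article, not code from Langflow or from the TrendAI Research report, and it turns the indicators the report names into a host triage check: it searches a filesystem tree for the init_rmount persistence file (the report does not say where the file is written, so searching the whole tree is an assumption), scans auth log lines for userdel removals of the akay and vfinder accounts, and flags key-based SSH logins that arrive from an address already under investigation, which is how the worm component moves between hosts. The log lines, the 10.20.0.11 address and the temporary directory tree are all constructed for the example.

```python
import re
import tempfile
from pathlib import Path

# Indicators taken from the report: the persistence file name and the two
# rival-malware accounts that the miner removes.
PERSISTENCE_FILENAMES = {"init_rmount"}
RIVAL_ACCOUNTS = {"akay", "vfinder"}

# syslog formats emitted by shadow-utils userdel and by OpenSSH sshd.
USERDEL_RE = re.compile(r"userdel\[\d+\]: delete user '(?P<user>[^']+)'")
PUBKEY_LOGIN_RE = re.compile(
    r"sshd\[\d+\]: Accepted publickey for (?P<user>\S+) from (?P<src>\S+) "
    r"port \d+ ssh2: (?P<keytype>\S+) (?P<fp>SHA256:\S+)"
)


def scan_auth_log(lines, suspect_sources):
    """Return a list of (kind, detail, line) findings.

    kind is 'rival-account-removed' when userdel removed one of the accounts
    the report names, or 'pubkey-login-from-suspect' when a key-based SSH
    login came from an address already under investigation."""
    findings = []
    for line in lines:
        m = USERDEL_RE.search(line)
        if m and m.group("user") in RIVAL_ACCOUNTS:
            findings.append(("rival-account-removed", m.group("user"), line))
            continue
        m = PUBKEY_LOGIN_RE.search(line)
        if m and m.group("src") in suspect_sources:
            detail = f"{m.group('user')} from {m.group('src')} with {m.group('fp')}"
            findings.append(("pubkey-login-from-suspect", detail, line))
    return findings


def find_persistence_artifacts(root):
    """Walk a filesystem tree and return paths whose file name matches the
    persistence artifact named in the report. ASSUMPTION: the report does
    not say where init_rmount is written, so the whole tree is searched."""
    return sorted(str(p) for p in Path(root).rglob("*")
                  if p.is_file() and p.name in PERSISTENCE_FILENAMES)


# CONSTRUCTED auth.log excerpt. 10.20.0.11 is the Langflow host believed to
# be compromised; app-02 is a neighbour it could reach with a reused key.
SAMPLE_AUTH_LOG = [
    "Mar  3 02:14:11 langflow-01 userdel[2211]: delete user 'akay'",
    "Mar  3 02:14:12 langflow-01 userdel[2214]: delete user 'vfinder'",
    "Mar  3 02:15:40 app-02 sshd[3120]: Accepted publickey for deploy from 10.20.0.11 "
    "port 50112 ssh2: ED25519 SHA256:CONSTRUCTEDFINGERPRINTAAAAAAAAAAAAAAAAAAAA",
    "Mar  3 02:16:02 app-02 sshd[3141]: Accepted password for alice from 10.20.0.50 port 50999 ssh2",
    "Mar  3 02:17:30 app-02 userdel[3190]: delete user 'tmpbuild'",
]
SUSPECT_SOURCES = {"10.20.0.11"}


def build_demo_tree():
    """Create a CONSTRUCTED directory tree containing one artifact and one
    benign file; returns the root path (a temporary directory)."""
    root = Path(tempfile.mkdtemp(prefix="langflow-triage-"))
    (root / "opt" / "langflow").mkdir(parents=True)
    (root / "opt" / "langflow" / "init_rmount").write_text("# placeholder\n")
    (root / "opt" / "langflow" / "README").write_text("benign\n")
    return root


def triage(root, log_lines, suspect_sources):
    """Combine both checks into one report for a single host."""
    return {
        "persistence": find_persistence_artifacts(root),
        "auth": scan_auth_log(log_lines, suspect_sources),
    }


if __name__ == "__main__":
    report = triage(build_demo_tree(), SAMPLE_AUTH_LOG, SUSPECT_SOURCES)
    for path in report["persistence"]:
        print("persistence artifact:", path)
    for kind, detail, _ in report["auth"]:
        print(f"{kind}: {detail}")
```

On the constructed data the script reports the persistence file, the two rival-account removals, and the key-based login that app-02 accepted from the Langflow host; the password login and the unrelated tmpbuild removal are ignored. A real run would point `triage` at `/` and at `/var/log/auth.log` (or the journal) on every host the compromised server could reach, and every flagged key-based login marks a host that needs its own forensic review rather than a quick miner cleanup.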
Support Our Threat Intelligence
If you find our CVE report and cybersecurity news helpful, consider supporting our work.