lambsys

spreads itself to every SSH-reachable host the victim can authenticate to

disable host-level security controls, establish cron-based persistence

Lambsys does not run its attack logic as Go functions... Instead, it forks a cascade of short-lived sh -c subprocesses, each executing one shell command

a single line of Python code evaluated inside an unauthenticated Langflow API endpoint pulls down a shell script, fetches a miner binary, and launches it detached

Threat actors are continuing to exploit a critical Langflow vulnerability as part of fresh attacks designed to deliver a Monero cryptocurrency miner.

File Path : ... /etc/rcS.d/K01apparmor

disable host-level security controls, establish cron-based persistence

spreads itself to every SSH-reachable host the victim can authenticate to

AppArmor, Ubuntu’s default Mandatory Access Control framework, is stopped with service apparmor stop and taken out of the boot path with systemctl disable apparmor... service aliyun.service stop and systemctl disable aliyun.service

chattr -iae ~/.ssh/ and chattr -iae ~/.ssh/authorized_keys remove immutable and append-only attributes from the SSH directory and authorized_keys file, clearing the way for the lateral movement stage (isp.sh) to plant its key.

File Path : ... /etc/rcS.d/K01apparmor

disable host-level security controls, establish cron-based persistence

spreads itself to every SSH-reachable host the victim can authenticate to

AppArmor, Ubuntu’s default Mandatory Access Control framework, is stopped with service apparmor stop and taken out of the boot path with systemctl disable apparmor... service aliyun.service stop and systemctl disable aliyun.service

The /tmp/.X11-unix / directory is a particularly notable hiding spot because it legitimately exists on any Linux system running X11, and files named 01, 11, 22 blend into the socket namespace.

In addition, the malware removes system logs to cover up the tracks

A companion cleanup pass deletes rival wallet and key material: rm -rf /tmp/addre*, rm -rf /tmp/walle*, and rm -rf /tmp/keys.

spreads itself to every SSH-reachable host the victim can authenticate to

lambsys does not run its attack logic as Go functions. Instead, it forks a cascade of short-lived sh -c subprocesses, each executing one shell command

The 2024 sample is largely similar to the 2026 build... sandbox-stalling sleeps (T1497)

It further sends a request to ipinfo[.]io to obtain the host's public IP address and location, allowing the threat actors to make operational decisions on the fly.

Otherwise, it creates a hidden persistence directory at /var/tmp/.xlamb

removes the immutable attribute from files like "~/.ssh/," "~/.ssh/authorized_keys," "/etc/crontab," and "/etc/ld.so.preload," "/tmp/," "/var/tmp/," and "/var/spool/cron" in order to make its modifications, and then reapplies the immutable attribute

chattr -iae ~/.ssh/ and chattr -iae ~/.ssh/authorized_keys remove immutable and append-only attributes from the SSH directory and authorized_keys file, clearing the way for the lateral movement stage (isp.sh) to plant its key.

sysctl kernel.nmi_watchdog=0

chattr -iae ~/.ssh/ and chattr -iae ~/.ssh/authorized_keys remove immutable and append-only attributes from the SSH directory and authorized_keys file, clearing the way for the lateral movement stage (isp.sh) to plant its key.

The chattr sweep also targets SSH configuration: chattr -iae ~ /.ssh / and chattr -iae ~ /.ssh/authorized_keys remove immutable and append-only attributes from the SSH directory and authorized_keys file, clearing the way for the lateral movement stage (isp.sh) to plant its key.

The script begins by verifying if the miner is already running... The dropper calls pgrep -f "lambsys"... lambsys fires pgrep -x lambsys.elf repeatedly throughout its own execution.

The 2024 sample is largely similar to the 2026 build... sandbox-stalling sleeps (T1497)

It further sends a request to ipinfo[.]io to obtain the host's public IP address and location, allowing the threat actors to make operational decisions on the fly.

It can also propagate to other systems through reused SSH keys, effectively turning an exposed Langflow instance into a pathway for broader compromise.

It can degrade system performance, increase costs, and lateral move to other systems via reused SSH keys.

beacon to an external server ("83.142.209[.]214:80)

Subsequently, it downloads the binary on the machine using curl or wget, launches it as a detached process

We detected a cryptocurrency-mining campaign... The malware disables host-level security controls, deploys a custom miner, and establishes persistence.

The binary, an ELF executable written in Go, is also engineered to disable AppArmor, Ubuntu's Uncomplicated Firewall, iptables, SELinux, the kernel NMI watchdog, and Alibaba Cloud's Aliyun agent.

ufw disable takes out Ubuntu’s Uncomplicated Firewall, and iptables -F flushes all filter-table rules... AppArmor... is stopped... SELinux... gets the same treatment... service aliyun.service stop and systemctl disable aliyun.service stop and disable Alibaba Cloud’s host-based security monitoring agent.