Malicious npm Packages Target n8n Workflow Automation to Steal OAuth Credentials
Threat actors recently uploaded eight malicious npm packages designed to impersonate integrations for the n8n workflow automation platform, aiming to steal developers' OAuth credentials. The campaign, uncovered by Endor Labs, represents a new escalation in supply chain attacks by exploiting workflow automation tools that centralize sensitive credentials, including Google Ads, Stripe, and Salesforce tokens, in a single location.
One package, "n8n-nodes-hfgjf-irtuinvcm-lasdqewriit", mimicked a Google Ads integration, tricking users into linking their accounts via a seemingly legitimate form before exfiltrating credentials to attacker-controlled servers. The malicious packages, now removed, collectively amassed over 27,000 downloads under multiple usernames, including kakashi-hatake, zabuza-momochi, and diendh. Some linked accounts remain active, with at least one package (n8n-nodes-zl-vietts) flagged for prior malware associations.
The attack leveraged n8n’s community node system, which allows third-party integrations to execute with the same privileges as the platform itself. Once installed, the malicious packages decrypted stored OAuth tokens using n8n’s master key and transmitted them to external servers during workflow execution. This marks the first known supply chain attack explicitly targeting n8n, exploiting trust in community-driven integrations.
n8n has warned that community nodes, particularly those sourced from npm, pose significant risks, as they can access environment variables, file systems, and decrypted credentials without sandboxing. Self-hosted instances are advised to disable community nodes by setting N8N_COMMUNITY_PACKAGES_ENABLED to false. The discovery underscores the broader security risks of integrating unvetted workflows, which can expand an organization’s attack surface. A recently updated package (n8n-nodes-gg-udhasudsh-hgjkhg-official) suggests the campaign may still be active.
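A defender-side check for the mitigation above, as an added example (not code from n8n, Endor Labs or the original article): it audits the manifest of an instance's community-node directory for packages named on this page and for `n8n-nodes-*` packages nobody has reviewed. The manifest location, the enabled-when-unset behaviour, the allowlist, the action labels and the sample manifest are assumptions or constructed values.

```javascript
// Added example. Package names come from this page; all other values are constructed.
const FLAGGED = new Set([
  'n8n-nodes-hfgjf-irtuinvcm-lasdqewriit',
  'n8n-nodes-zl-vietts',
  'n8n-nodes-gg-udhasudsh-hgjkhg-official',
]);

// Assumption: n8n loads community packages unless the variable is explicitly
// "false", so an unset variable counts as enabled.
function communityPackagesEnabled(env) {
  const raw = env.N8N_COMMUNITY_PACKAGES_ENABLED ?? 'true';
  return String(raw).trim().toLowerCase() !== 'false';
}

// Community nodes use the n8n-nodes-* naming convention, optionally under an npm scope.
function isCommunityNode(name) {
  return name.replace(/^@[^/]+\//, '').startsWith('n8n-nodes-');
}

// manifest: parsed package.json of the community-node directory
// (assumed location: ~/.n8n/nodes/package.json).
// allowlist: hypothetical list of packages your team has already reviewed.
function auditCommunityNodes(manifest, env, allowlist = []) {
  const reviewed = new Set(allowlist);
  const installed = Object.keys({ ...manifest.dependencies, ...manifest.optionalDependencies });
  const nodes = installed.filter(isCommunityNode);
  const flagged = nodes.filter((n) => FLAGGED.has(n));
  const unreviewed = nodes.filter((n) => !FLAGGED.has(n) && !reviewed.has(n));
  const enabled = communityPackagesEnabled(env);

  let action = 'ok';
  // A flagged package on disk may already have run with access to decrypted credentials.
  if (flagged.length) action = 'remove-and-rotate-credentials';
  else if (enabled && unreviewed.length) action = 'review-packages';
  else if (enabled && nodes.length === 0) action = 'disable-community-packages';
  return { enabled, flagged, unreviewed, action };
}

// Constructed sample manifest; versions and the two non-flagged names are hypothetical.
const sampleManifest = {
  dependencies: {
    'n8n-nodes-zl-vietts': '1.0.0',
    'n8n-nodes-example-crm': '0.3.1',
    '@acme/n8n-nodes-internal': '2.0.0',
  },
};
const report = auditCommunityNodes(sampleManifest, {}, ['@acme/n8n-nodes-internal']);
console.log(report);
```

The check only inspects what is declared in the manifest, so it complements, rather than replaces, monitoring for suspicious outbound requests from n8n workflows.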
Source: https://thehackernews.com/2026/01/n8n-supply-chain-attack-abuses.html
n8n cybersecurity rating report: https://www.rankiteo.com/company/n8n
npm, Inc. cybersecurity rating report: https://www.rankiteo.com/company/npm-inc-
"id": "N8NNPM1768244856",
"linkid": "n8n, npm-inc-",
"type": "Cyber Attack",
"date": "1/2026",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"
{
  'affected_entities': [
    {
      'customers_affected': 'Developers and organizations using malicious npm packages',
      'industry': 'Software/Technology',
      'name': 'n8n',
      'type': 'Workflow Automation Platform'
    }
  ],
  'attack_vector': 'Malicious npm Packages',
  'customer_advisories': 'Developers advised to audit packages and disable community nodes in self-hosted instances',
  'data_breach': {
    'data_encryption': 'Tokens stored encrypted in n8n but decrypted and exfiltrated during workflow execution',
    'data_exfiltration': 'Yes (tokens exfiltrated to attacker-controlled servers)',
    'personally_identifiable_information': 'Potential (if integrated services contained PII)',
    'sensitivity_of_data': 'High (authentication tokens and credentials)',
    'type_of_data_compromised': 'OAuth tokens, API keys, credentials for integrated services (e.g., Google Ads, Stripe, Salesforce)'
  },
  'description': "Threat actors uploaded eight malicious npm packages masquerading as integrations for the n8n workflow automation platform to steal developers' OAuth credentials. The packages prompted users to link their advertising accounts (e.g., Google Ads) and exfiltrated credentials to attacker-controlled servers. This represents a new escalation in supply chain threats by exploiting workflow automation platforms as centralized credential vaults.",
  'impact': {
    'brand_reputation_impact': 'Erosion of trust in community integrations and n8n ecosystem',
    'data_compromised': 'OAuth tokens, API keys, sensitive credentials for integrated services',
    'identity_theft_risk': 'High (OAuth tokens and credentials stolen)',
    'operational_impact': 'Potential unauthorized access to integrated services, workflow disruptions',
    'payment_information_risk': 'Potential (if payment-related services like Stripe were integrated)',
    'systems_affected': 'n8n workflow automation platform, developer environments using malicious npm packages'
  },
  'initial_access_broker': {
    'entry_point': 'Malicious npm packages',
    'high_value_targets': 'n8n workflow automation platform, integrated services (Google Ads, Stripe, Salesforce)'
  },
  'investigation_status': 'Ongoing (updated malicious package detected recently)',
  'lessons_learned': 'Supply chain threats can target workflow automation platforms as centralized credential vaults. Community integrations expand the attack surface and lack sandboxing, enabling deep access to sensitive data. Developers must audit packages before installation and prefer official integrations.',
  'motivation': 'Credential theft, unauthorized access to integrated services (e.g., Google Ads, Stripe, Salesforce)',
  'post_incident_analysis': {
    'corrective_actions': [
      'Disable community nodes in self-hosted instances',
      'Implement sandboxing for community nodes',
      'Enhance package vetting processes'
    ],
    'root_causes': [
      'Lack of sandboxing in n8n community nodes',
      'Trust in unvetted community integrations',
      'Centralized storage of sensitive credentials in workflow automation platforms'
    ]
  },
  'recommendations': [
    'Audit npm packages before installation',
    'Scrutinize package metadata for anomalies',
    'Use official n8n integrations',
    'Disable community nodes in self-hosted n8n instances (N8N_COMMUNITY_PACKAGES_ENABLED=false)',
    'Monitor for suspicious outbound network requests from n8n workflows'
  ],
  'references': [
    {'source': 'Endor Labs Report'},
    {'source': 'ReversingLabs Spectra Assure Analysis'},
    {'source': 'n8n Security Advisory'}
  ],
  'response': {
    'communication_strategy': 'Security advisories from n8n and Endor Labs',
    'containment_measures': 'Malicious npm packages removed from registry',
    'remediation_measures': 'Disabling community nodes in self-hosted n8n instances (N8N_COMMUNITY_PACKAGES_ENABLED=false)',
    'third_party_assistance': 'Endor Labs, ReversingLabs Spectra Assure'
  },
  'stakeholder_advisories': 'n8n warned about security risks of community nodes from npm',
  'threat_actor': 'Unknown (associated npm authors: kakashi-hatake, hezi109, zabuza-momochi, dan_even_segler, haggags, vietts_code, diendh)',
  'title': 'Malicious npm Packages Targeting n8n Workflow Automation Platform to Steal OAuth Credentials',
  'type': 'Supply Chain Attack',
  'vulnerability_exploited': 'Trust in community integrations, lack of sandboxing in n8n community nodes'
}