Cyber Web Spider Blog – News

n8n Supply Chain Attack Abuses Community Nodes to Steal OAuth Tokens

Posted on January 12, 2026 By CWS

Jan 12, 2026 | Ravie Lakshmanan | Vulnerability / Workflow Automation
Threat actors have been observed uploading a set of eight packages on the npm registry that masqueraded as integrations targeting the n8n workflow automation platform to steal developers’ OAuth credentials.
One such package, named “n8n-nodes-hfgjf-irtuinvcm-lasdqewriit,” mimics a Google Ads integration, prompts users to link their advertising account in a seemingly legitimate form, and then siphons it to servers under the attackers’ control.
“The attack represents a new escalation in supply chain threats,” Endor Labs said in a report published last week. “Unlike traditional npm malware, which often targets developer credentials, this campaign exploited workflow automation platforms that act as centralized credential vaults – holding OAuth tokens, API keys, and sensitive credentials for dozens of integrated services like Google Ads, Stripe, and Salesforce in a single location.”

The complete list of identified packages, which have since been removed, is as follows –

n8n-nodes-hfgjf-irtuinvcm-lasdqewriit (4,241 downloads, author: kakashi-hatake)
n8n-nodes-ggdv-hdfvcnnje-uyrokvbkl (1,657 downloads, author: kakashi-hatake)
n8n-nodes-vbmkajdsa-uehfitvv-ueqjhhhksdlkkmz (1,493 downloads, author: kakashi-hatake)
n8n-nodes-performance-metrics (752 downloads, author: hezi109)
n8n-nodes-gasdhgfuy-rejerw-ytjsadx (8,385 downloads, author: zabuza-momochi)
n8n-nodes-danev (5,525 downloads, author: dan_even_segler)
n8n-nodes-rooyai-model (1,731 downloads, author: haggags)
n8n-nodes-zalo-vietts (4,241 downloads, authors: vietts_code and diendh)

The users “zabuza-momochi,” “dan_even_segler,” and “diendh” have also been linked to other libraries that are still available for download as of writing –

It is not clear if they harbor similar malicious functionality. However, an assessment of the first three packages on ReversingLabs Spectra Assure has uncovered no security issues. In the case of “n8n-nodes-zl-vietts,” the analysis has flagged the library as containing a component with malware history.

Interestingly, an updated version of the package “n8n-nodes-gg-udhasudsh-hgjkhg-official” was published to npm just three hours ago, suggesting that the campaign is possibly ongoing.
The malicious package, once installed as a community node, behaves like any other n8n integration, displaying configuration screens and saving the Google Ads account OAuth tokens in encrypted format to the n8n credential store. When the workflow is executed, it runs code to decrypt the stored tokens using n8n’s master key and exfiltrates them to a remote server.
The development marks the first time a supply chain threat has explicitly targeted the n8n ecosystem, with bad actors weaponizing the trust in community integrations to achieve their goals.

The findings highlight the security issues that come with integrating untrusted workflows, which can expand the attack surface. Developers are recommended to audit packages before installing them, scrutinize package metadata for any anomalies, and use official n8n integrations.
n8n has also warned about the security risk arising from the use of community nodes from npm, which it said can execute malicious actions on the machine that the service runs on. On self-hosted n8n instances, it is advised to disable community nodes by setting N8N_COMMUNITY_PACKAGES_ENABLED to false.
“Community nodes run with the same level of access as n8n itself. They can read environment variables, access the file system, make outbound network requests, and, most critically, receive decrypted API keys and OAuth tokens during workflow execution,” researchers Kiran Raj and Henrik Plate said. “There is no sandboxing or isolation between node code and the n8n runtime.”
“Because of this, a single malicious npm package is enough to gain deep visibility into workflows, steal credentials, and communicate externally without raising immediate suspicion. For attackers, the npm supply chain offers a quiet and highly effective entry point into n8n environments.”
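As an added example (not code from the article, Endor Labs, or n8n), the audit and hardening advice above can be checked mechanically: the script below walks an npm lockfile (v2/v3 `packages` map, including nested installs) for the package names given in this article and reports whether N8N_COMMUNITY_PACKAGES_ENABLED is set to false. The sample lockfile, its versions, and the `@acme` scope are constructed, and treating an unset variable as "enabled" is an assumption.

```javascript
// Added example: flag community-node packages named in the article in an npm lockfile.
const REMOVED_MALICIOUS = new Set([          // the eight removed packages listed above
  'n8n-nodes-hfgjf-irtuinvcm-lasdqewriit', 'n8n-nodes-ggdv-hdfvcnnje-uyrokvbkl',
  'n8n-nodes-vbmkajdsa-uehfitvv-ueqjhhhksdlkkmz', 'n8n-nodes-performance-metrics',
  'n8n-nodes-gasdhgfuy-rejerw-ytjsadx', 'n8n-nodes-danev',
  'n8n-nodes-rooyai-model', 'n8n-nodes-zalo-vietts',
]);
const NEEDS_REVIEW = new Set([               // named in the article, not confirmed malicious there
  'n8n-nodes-zl-vietts', 'n8n-nodes-gg-udhasudsh-hgjkhg-official',
]);

// Lockfile v2/v3 keys look like "node_modules/a/node_modules/@scope/b";
// the package name is whatever follows the last "node_modules/".
function packageNameFromLockKey(key) {
  const marker = 'node_modules/';
  const idx = key.lastIndexOf(marker);
  return idx === -1 ? null : key.slice(idx + marker.length);
}

function auditLockfile(lock) {
  const findings = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    const name = packageNameFromLockKey(path);
    if (!name) continue;                     // "" is the root project entry
    const severity = REMOVED_MALICIOUS.has(name) ? 'malicious'
      : NEEDS_REVIEW.has(name) ? 'review' : null;
    if (severity) findings.push({ name, version: meta.version, path, severity });
  }
  return findings;
}

// Assumption: community nodes stay enabled unless the variable is explicitly "false".
function communityNodesEnabled(env) {
  return String(env.N8N_COMMUNITY_PACKAGES_ENABLED ?? 'true').trim().toLowerCase() !== 'false';
}

// Constructed sample lockfile (versions are made up), including a nested install.
const SAMPLE_LOCK = { lockfileVersion: 3, packages: {
  '': { name: 'n8n-custom-nodes' },
  'node_modules/n8n-nodes-danev': { version: '0.0.1' },
  'node_modules/@acme/n8n-nodes-crm': { version: '1.2.0' },
  'node_modules/@acme/n8n-nodes-crm/node_modules/n8n-nodes-zl-vietts': { version: '0.0.2' },
} };

function report(lock, env) {
  return { communityNodesEnabled: communityNodesEnabled(env), findings: auditLockfile(lock) };
}
console.log(JSON.stringify(report(SAMPLE_LOCK, { N8N_COMMUNITY_PACKAGES_ENABLED: 'false' }), null, 2));
```

To audit a real instance, pass `JSON.parse` of the `package-lock.json` from the directory where community nodes are installed, together with `process.env` from the n8n service.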
