Malicious n8n Community Nodes Expose OAuth Tokens in Sophisticated npm Supply Chain Attack

Listen to this Post

Featured Image

A Silent Breach in Workflow Automation

A newly uncovered supply chain attack has exposed a critical weakness in the ecosystem surrounding n8n, a widely used workflow automation platform. Cybercriminals successfully infiltrated n8n’s community node ecosystem by publishing malicious npm packages that masqueraded as legitimate integrations. These packages were designed to quietly steal OAuth credentials and API keys from developers, turning trusted automation workflows into data exfiltration pipelines without raising immediate alarms.

Why This Attack Matters Now

The incident highlights a growing trend: attackers are no longer just targeting individual developers or isolated libraries. Instead, they are weaponizing platforms that act as centralized hubs for credentials, automation, and business logic. In the case of n8n, a single malicious community node can potentially expose access tokens for dozens of connected services, multiplying the impact of one compromised package.

Summary of the Original

A Malicious Package in Disguise

Security researchers identified a malicious npm package named n8n-nodes-hfgjf-irtuinvcm-lasdqewriit, which was published to the npm registry while posing as a Google Ads integration for n8n. At first glance, the package appeared legitimate, offering what looked like a standard credential configuration interface familiar to n8n users.

Credential Theft During Workflow Execution

Once installed and executed within an n8n workflow, the package silently exfiltrated sensitive data. OAuth tokens, API keys, and developer credentials entered through the node were transmitted to an attacker-controlled server, n8n-license-validator.onrender.com, without user awareness. This theft occurred during normal workflow execution, making the behavior difficult to detect through casual observation.

Exploiting Trust in the n8n Ecosystem

Unlike traditional npm malware that often targets local environment variables or developer machines, this campaign exploited a core trust assumption in n8n’s architecture. Community nodes are allowed to access decrypted credentials at runtime, and they often run with broad system permissions. This design choice made it possible for a malicious node to function as a credential siphon.

Centralized Credential Exposure

Because n8n workflows frequently integrate multiple services—such as Google Ads, Stripe, Salesforce, and internal APIs—the compromised node did not just steal a single token. It potentially exposed entire credential vaults tied to automation pipelines, significantly amplifying the scope of the breach.

Multiple Malicious Packages Identified

Further investigation revealed that the attack was not limited to a single package. Data security firm Endor Labs identified at least eight malicious npm packages targeting n8n users. These included n8n-nodes-performance-metrics, n8n-nodes-danev, and n8n-nodes-rooyai-model, among others.

Official Tracking and Takedown

Several of these packages have since been removed from the npm registry. One of the malicious components is tracked under the security advisory GHSA-77g5-qpc3-x24r, confirming the coordinated nature of the campaign.

Widespread Exposure Risk

Before its removal, the primary malicious package recorded more than 3,498 weekly downloads, suggesting a significant number of potentially affected environments. This download volume underscores how easily such threats can propagate in popular developer ecosystems.

A Perfect Storm of Timing

The discovery of these malicious packages coincided with separate research from Cyera, which found over 100,000 n8n servers vulnerable to CVE-2026-21858. Together, these findings paint a picture of a rapidly expanding attack surface tied to n8n’s growing adoption.

Architectural Weaknesses at Play

n8n’s flexibility is also its weakness. Community nodes execute with full system access and receive decrypted credentials at runtime. There is no default sandboxing or isolation layer to prevent nodes from accessing sensitive workflow data or initiating outbound network requests.

Security Recommendations

Experts advise organizations to favor official n8n integrations over community nodes whenever possible. Additional recommendations include auditing package metadata for suspicious indicators, monitoring outbound traffic from n8n instances, and enforcing least-privilege access for service accounts to reduce the impact of credential compromise.

What Undercode Say:

Supply Chain Attacks Are Shifting Up the Stack

This incident represents a clear evolution in supply chain threats. Attackers are no longer satisfied with stealing a single API key from a developer’s laptop. By targeting workflow automation platforms like n8n, they gain access to systems that aggregate credentials, logic, and business processes in one place.

Workflow Platforms as High-Value Targets

n8n functions as a nerve center for modern operations. Marketing automation, payment processing, CRM synchronization, and internal tooling often converge inside a single workflow engine. Compromising that engine provides attackers with a panoramic view of an organization’s digital operations.

The Illusion of Community Trust

Community-driven ecosystems thrive on trust and speed. Developers often assume that packages shared under a platform’s naming convention are benign. Attackers exploit this assumption by publishing nodes that look official, use familiar UI patterns, and promise useful integrations.

Randomized Names as a Red Flag

The strange, randomized naming of the malicious package should have raised suspicion. However, in fast-moving environments, developers frequently prioritize functionality over scrutiny. This highlights the need for stronger cultural norms around dependency review, even in low-code and no-code platforms.

Runtime Credential Access Is a Double-Edged Sword

n8n’s ability to decrypt credentials at runtime is powerful, but dangerous. Without strict isolation, any node—malicious or not—can access sensitive secrets. This design choice effectively turns community nodes into privileged insiders.

npm Remains a Soft Underbelly

Despite years of high-profile incidents, npm continues to be a fertile ground for supply chain attacks. The sheer volume of packages and the low barrier to publishing make it difficult to distinguish legitimate tools from malicious impostors at scale.

Detection Is Inherently Difficult

Because the malicious node behaved like a normal integration and only exfiltrated data during execution, traditional static analysis or signature-based detection methods are unlikely to catch it. Behavioral monitoring and outbound traffic inspection become critical defenses.

The Compounding Effect of Automation

Automation amplifies both productivity and risk. When a workflow runs every hour, day, or minute, a single malicious node can continuously leak fresh credentials and data, compounding damage over time.

Official Integrations as a Security Baseline

Organizations should treat official n8n integrations as the default and require explicit justification for using community nodes. This does not eliminate risk, but it significantly reduces exposure to unvetted code.

Least Privilege Is Non-Negotiable

Service accounts connected to automation platforms should be scoped as narrowly as possible. Even if credentials are stolen, limiting permissions can prevent attackers from moving laterally or causing catastrophic damage.

Monitoring Over Blind Trust

Outbound network monitoring from n8n instances should be standard practice. Unexpected calls to unfamiliar domains—especially during credential handling—are often the only visible sign of malicious behavior.

A Warning for the Low-Code Movement

This attack should serve as a wake-up call for the broader low-code and no-code ecosystem. As these platforms gain enterprise adoption, they will increasingly attract sophisticated threat actors who understand their architectures better than many users do.

Fact Checker Results

Verified Supply Chain Compromise ✅

Security researchers and Endor Labs confirmed multiple malicious npm packages targeting n8n’s community ecosystem.

Credential Exfiltration Confirmed ✅

The malicious nodes actively transmitted OAuth tokens and API keys to an attacker-controlled server during execution.

Architectural Risk Identified ❌

While risky, n8n’s design choices are intentional trade-offs for flexibility, not implementation bugs.

Prediction

Increased Scrutiny of Community Nodes 🔍

Expect stricter vetting processes and possible signing requirements for community nodes in n8n and similar platforms.

More Attacks on Automation Platforms ⚠️

Threat actors will continue targeting workflow and low-code tools as centralized points of access to enterprise systems.

Security Features Will Become a Differentiator 🚀

Platforms that introduce sandboxing, isolation, and granular permission models will gain a competitive edge as security becomes a primary buying factor.

🕵️‍📝✔️Let’s dive deep and fact‑check.

References:

Reported By: cyberpress.org
Extra Source Hub (Possible Sources for article):
https://www.facebook.com
Wikipedia
OpenAi & Undercode AI

Image Source:

Unsplash
Undercode AI DI v2
Bing

🔐JOIN OUR CYBER WORLD [ CVE News • HackMonitor • UndercodeNews ]

💬 Whatsapp | 💬 Telegram

📢 Follow UndercodeNews & Stay Tuned:

𝕏 formerly Twitter 🐦 | @ Threads | 🔗 Linkedin | 🦋BlueSky | 🐘Mastodon