Attackers abuse trusted workflow integrations to siphon credentials from automation platforms

Security researchers have uncovered a new supply chain attack involving malicious packages published to the npm registry that specifically target the n8n workflow automation platform. Unlike traditional npm malware, this campaign focuses on stealing OAuth tokens and API credentials stored within automation workflows.
Attackers disguised the malicious packages as legitimate n8n integrations, tricking developers into installing them as community nodes.
How the Attack Works
Once installed, the malicious packages behave like normal n8n integrations. They present familiar configuration screens and prompt users to connect external services such as advertising or analytics platforms.
After users link their accounts, the packages store the resulting OAuth tokens in n8n’s credential store, exactly as a legitimate node would. The theft happens during workflow execution: n8n decrypts stored credentials with its encryption key and hands them to any node that requests them, so the malicious code receives the plaintext tokens through the normal node interface and quietly sends them to attacker-controlled servers.
Because the integration appears to function normally, users often remain unaware of the theft.
Scope of the Campaign
Researchers identified eight malicious npm packages impersonating n8n integrations. These packages collectively accumulated thousands of downloads before removal.
Several authors associated with the malicious uploads also published additional n8n-related packages that remain available. While some show no immediate signs of malicious behavior, at least one library contains components linked to prior malware activity.
Notably, attackers recently published updated versions of related packages, suggesting that the campaign may still be active or evolving.
Why This Attack Is Different
This campaign marks a significant escalation in supply chain threats. Instead of targeting individual developer credentials, attackers aimed at workflow automation platforms, which act as centralized repositories for secrets.
In a single n8n instance, attackers could gain access to:
- OAuth tokens
- API keys
- Credentials for multiple third-party services
- Workflow logic and integrations
As a result, one compromised node can expose an entire automation environment.
Security Risks for n8n Users
Community nodes in n8n are loaded into the same Node.js process as the platform and run with the same operating-system privileges. A malicious node therefore can:
- Read environment variables
- Access the file system
- Make outbound network connections
- Receive decrypted credentials during execution
Because n8n does not sandbox community nodes, none of this requires an exploit: the malicious node uses the same APIs a legitimate node uses, so the theft produces no error, no failed workflow and no alert from the platform itself. Only the extra outbound connection gives it away.
Recommended Defensive Actions
To reduce risk, developers and organizations should:
- Avoid installing unverified community nodes
- Prefer official n8n integrations whenever possible
- Audit package metadata before installing: publication date, number of maintainers, release cadence, install scripts, and what else the same author has published
- Monitor outbound network traffic from n8n instances, and restrict egress to the hosts your workflows actually need, so that a node contacting an unexpected server stands out
- Disable community packages on self-hosted setups if they are not required (in n8n this is the N8N_COMMUNITY_PACKAGES_ENABLED=false setting)
Limiting trust in third-party workflow components significantly reduces exposure.
Why This Matters
Workflow automation platforms increasingly sit at the center of modern development and operations. As attackers shift focus toward these environments, credential theft becomes quieter, broader, and more damaging.
This incident highlights how trust in open ecosystems can quickly become an attack vector when safeguards are limited.