
Supply Chain Attack Targets n8n Users Through Fake Google Ads npm Integrations


Threat actors uploaded a set of eight malicious packages to the npm registry, disguising them as integrations for the n8n workflow automation platform in an effort to steal developers’ OAuth credentials.

In particular, one package named “n8n-nodes-hfgjf-irtuinvcm-lasdqewriit” impersonates a Google Ads integration. It prompts users to link their advertising accounts through a seemingly legitimate interface and then secretly siphons OAuth credentials to servers controlled by the attackers.

“The attack represents a new escalation in supply chain threats,” Endor Labs said in a report published last week. “Unlike traditional npm malware, which often targets developer credentials, this campaign exploited workflow automation platforms that act as centralized credential vaults – holding OAuth tokens, API keys, and sensitive credentials for dozens of integrated services like Google Ads, Stripe, and Salesforce in a single location.”

List of Removed Malicious npm Packages

The following packages, which attackers have since removed from npm, form part of the campaign:

  • n8n-nodes-hfgjf-irtuinvcm-lasdqewriit (4,241 downloads, author: kakashi-hatake)
  • n8n-nodes-ggdv-hdfvcnnje-uyrokvbkl (1,657 downloads, author: kakashi-hatake)
  • n8n-nodes-vbmkajdsa-uehfitvv-ueqjhhhksdlkkmz (1,493 downloads, author: kakashi-hatake)
  • n8n-nodes-performance-metrics (752 downloads, author: hezi109)
  • n8n-nodes-gasdhgfuy-rejerw-ytjsadx (8,385 downloads, author: zabuza-momochi)
  • n8n-nodes-danev (5,525 downloads, author: dan_even_segler)
  • n8n-nodes-rooyai-model (1,731 downloads, author: haggags)
  • n8n-nodes-zalo-vietts (4,241 downloads, authors: vietts_code and diendh)

Additional Packages Still Available on npm

Meanwhile, npm users “zabuza-momochi,” “dan_even_segler,” and “diendh” also appear as authors of four additional libraries that remain available for download at the time of writing:

At present, it remains unclear whether these packages contain similar malicious functionality. However, an assessment of the first three packages using ReversingLabs Spectra Assure uncovered no security issues. In contrast, the analysis flagged “n8n-nodes-zl-vietts” as containing a component with a known malware history.

Notably, attackers published an updated version of “n8n-nodes-gg-udhasudsh-hgjkhg-official” to npm just three hours ago, which suggests that the campaign may still be active.

How the Malicious n8n Integration Works

Once installed as a community node, the malicious package behaves like a legitimate n8n integration. It displays standard configuration screens and stores Google Ads OAuth tokens in encrypted form within the n8n credential store.

However, when a workflow runs, the package executes code that decrypts the stored tokens using n8n’s master key and then exfiltrates them to a remote server controlled by the attackers.

This development marks the first documented instance of a supply chain threat that explicitly targets the n8n ecosystem. In this case, attackers weaponized trust in community integrations to compromise developer environments and harvest credentials.

Security Risks of Community Nodes

Overall, the findings underscore the security risks associated with integrating untrusted workflows, which can significantly expand the attack surface. As a result, developers should audit packages before installation, closely review package metadata for anomalies, and rely on official n8n integrations whenever possible.
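As an added example (not code from the report or from the n8n project), a small Python audit over the package.json that n8n keeps for installed community nodes, combining the eight package names listed above with a consonant-run heuristic for random-looking names. The heuristic, the assumed ~/.n8n/nodes/package.json layout and the sample manifest are my own assumptions, and the heuristic will produce false positives, so it is a prompt for review rather than a verdict.

```python
import json
import re

# Package names the article lists as part of the campaign (since removed from npm).
KNOWN_MALICIOUS = {
    "n8n-nodes-hfgjf-irtuinvcm-lasdqewriit",
    "n8n-nodes-ggdv-hdfvcnnje-uyrokvbkl",
    "n8n-nodes-vbmkajdsa-uehfitvv-ueqjhhhksdlkkmz",
    "n8n-nodes-performance-metrics",
    "n8n-nodes-gasdhgfuy-rejerw-ytjsadx",
    "n8n-nodes-danev",
    "n8n-nodes-rooyai-model",
    "n8n-nodes-zalo-vietts",
}

# Heuristic assumption, not from the report: five or more consonants in a row is
# rare in real words, while gibberish segments such as "hfgjf" hit it easily.
CONSONANT_RUN = re.compile(r"[bcdfghjklmnpqrstvwxz]{5,}")


def looks_like_gibberish(name: str) -> bool:
    """True if any hyphen-separated segment after the n8n-nodes- prefix looks random."""
    body = name.split("/")[-1].removeprefix("n8n-nodes-")
    return any(CONSONANT_RUN.search(seg) for seg in body.split("-"))


def audit_community_nodes(package_json_text: str) -> dict[str, str]:
    """Map each flagged dependency in a community-nodes package.json to the reason."""
    deps = json.loads(package_json_text).get("dependencies", {})
    findings = {}
    for pkg in deps:
        if pkg in KNOWN_MALICIOUS:
            findings[pkg] = "listed in the Endor Labs report"
        elif pkg.startswith("n8n-nodes-") and looks_like_gibberish(pkg):
            findings[pkg] = "random-looking package name, review before use"
    return findings


# Constructed sample manifest (versions are made up): one campaign package, the
# still-available package named in the article, and a benign-looking placeholder.
SAMPLE_PACKAGE_JSON = json.dumps({
    "name": "installed-nodes",
    "dependencies": {
        "n8n-nodes-performance-metrics": "1.0.0",
        "n8n-nodes-gg-udhasudsh-hgjkhg-official": "1.0.2",
        "n8n-nodes-example-placeholder": "0.1.0",
    },
})

if __name__ == "__main__":
    for pkg, reason in audit_community_nodes(SAMPLE_PACKAGE_JSON).items():
        print(f"{pkg}: {reason}")
```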

The n8n project has also warned about the security risks associated with community nodes from npm, noting that they can introduce breaking changes or execute malicious actions on the host machine. For self-hosted n8n deployments, the project recommends disabling community nodes by setting N8N_COMMUNITY_PACKAGES_ENABLED to false.

“Community nodes run with the same level of access as n8n itself. They can read environment variables, access the file system, make outbound network requests, and, most critically, receive decrypted API keys and OAuth tokens during workflow execution,” researchers Kiran Raj and Henrik Plate said. “There is no sandboxing or isolation between node code and the n8n runtime.”

“Because of this, a single malicious npm package is enough to gain deep visibility into workflows, steal credentials, and communicate externally without raising immediate suspicion. For attackers, the npm supply chain offers a quiet and highly effective entry point into n8n environments.”

Source: TheHackerNews

Read more at Impreza News
