# Full Report
Threat actors have been observed uploading a set of eight packages on the npm registry that masqueraded as integrations targeting the n8n workflow automation platform to steal developers' OAuth credentials. One such package, named "n8n-nodes-hfgjf-irtuinvcm-lasdqewriit," mimics a Google Ads integration, and prompts users to link their advertising account in a seemingly legitimate form and then
# Analysis Summary
# Incident Report: n8n Supply Chain Compromise via Malicious npm Packages
## Executive Summary
Threat actors conducted a supply chain attack by publishing eight malicious packages to the npm registry, disguised as legitimate integrations for the n8n workflow automation platform. These packages were designed to trick users into authenticating with external services (like Google Ads), stealing the resulting OAuth credentials by decrypting them using the n8n master key and exfiltrating them to attacker-controlled servers. The incident highlights a critical escalation in supply chain threats targeting centralized credential vaults within workflow automation systems, leading to the compromise of sensitive tokens and API keys.
## Incident Details
- Discovery Date: Within the week preceding January 12, 2026 (implied by the report's publication date)
- Incident Date: Campaign ongoing at the time of reporting; an updated malicious package appeared three hours before the report was published.
- Affected Organization: n8n Ecosystem Users (Developers installing malicious community nodes)
- Sector: Technology / Workflow Automation
- Geography: Global (npm registry users)
## Timeline of Events
### Initial Access
- Date/Time: Unknown (Campaign was active)
- Vector: Supply Chain Injection (Malicious npm packages)
- Details: Threat actors uploaded eight packages mimicking n8n integrations (e.g., "n8n-nodes-hfgjf-irtuinvcm-lasdqewriit" mimicking Google Ads).
### Lateral Movement
- N/A (This was primarily a credential harvesting attack, not internal network movement; the malicious code executed locally on the host running n8n during workflow execution.)
### Data Exfiltration/Impact
- Date/Time: Upon workflow execution after malicious node installation.
- Details: Stolen OAuth tokens (e.g., Google Ads credentials) were decrypted using the n8n master key and exfiltrated to remote attacker-controlled servers.
### Detection & Response
- Date/Time: Prior to Jan 12, 2026.
- Details: The threat was discovered and reported by Endor Labs. The malicious packages were subsequently removed from the npm registry. n8n issued warnings regarding the risks of community nodes.
## Attack Methodology
- Initial Access: Uploading malicious packages to the public npm registry masquerading as trusted community integrations.
- Persistence: Not explicitly detailed, but the malicious functionality resides within the installed package, remaining active as long as the node is used.
- Privilege Escalation: N/A (The attack leveraged the high level of privilege already inherent to n8n, which runs with the same access rights as the host system).
- Defense Evasion: Packages mimicked legitimate integration functionality (displaying legitimate forms) to gain user trust.
- Credential Access: Tricking users into authenticating via a legitimate-looking gateway, capturing OAuth tokens, and stealing the decryption key (n8n master key) from the local n8n credential store.
- Discovery: N/A (Attackers likely relied on users installing the nodes).
- Lateral Movement: N/A.
- Collection: Stealing encrypted OAuth tokens/API keys from the n8n credential store.
- Exfiltration: Decrypting the collected tokens using the master key and sending them to attacker-controlled servers.
- Impact: Theft of high-value service credentials (e.g., Google Ads, Stripe, Salesforce).
## Impact Assessment
- Financial: Not disclosed. Potential impact via fraudulent activity on compromised advertising or financial accounts.
- Data Breach: Theft of sensitive OAuth credentials and API keys associated with integrated services.
- Operational: Potential risk introduced to environments relying on n8n, as community nodes execute with full access rights, capable of file system access and network calls.
- Reputational: Negative impact on trust within the n8n developer ecosystem regarding the security of community contributions.
## Indicators of Compromise
- **File Indicators (Packages):**
  - `n8n-nodes-hfgjf-irtuinvcm-lasdqewriit`
  - `n8n-nodes-ggdv-hdfvcnnje-uyrokvbkl`
  - `n8n-nodes-vbmkajdsa-uehfitvv-ueqjhhhksdlkkmz`
  - `n8n-nodes-performance-metrics`
  - `n8n-nodes-gasdhgfuy-rejerw-ytjsadx`
  - `n8n-nodes-danev`
  - `n8n-nodes-rooyai-model`
  - `n8n-nodes-zalo-vietts`
- **Associated (Potentially Suspicious) Packages:** `n8n-nodes-gg-udhasudsh-hgjkhg-official`, `n8n-nodes-danev-test-project`, `@diendh/n8n-nodes-tiktok-v2`, `n8n-nodes-zl-vietts`.
- **Behavioral Indicators:** Any n8n node attempting to decrypt tokens using the master key and making outbound network requests during execution that are not documented for the node's function.
## Response Actions
- **Containment:** The malicious npm packages were removed from the registry (by npm or the maintainers). Users who had installed them were advised of the compromise.
- **Eradication:** Not explicitly stated; the implied steps are revoking the third-party service tokens that were exposed and removing the malicious packages from local systems.
- **Recovery:** N/A (Focus appears to be on communication and remediation guidance).
## Lessons Learned
- **Trust in Supply Chain:** Supply chain attacks targeting development/automation ecosystems (like n8n) are highly effective because these platforms aggregate significant trust and credentials.
- **Privilege Model Risk:** Community nodes operate with full host access, turning them into potent malware vectors if compromised, as they can access the n8n master key.
- **Credential Vault Exposure:** Workflow automation platforms are increasingly becoming centralized credential vaults, making them high-value targets.
## Recommendations
- **For n8n Users (Self-Hosted):** Immediately set the environment variable `N8N_COMMUNITY_PACKAGES_ENABLED` to `false` to disable the execution of untrusted community nodes.
- **General Security:** Developers should rigorously audit all community/third-party packages before installation, scrutinize package metadata for anomalies, and use official integrations wherever possible.
- **Principle of Least Privilege:** Investigate mechanisms within n8n to restrict the execution context or capabilities of community nodes to minimize damage potential upon compromise.
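A defender-side check that ties the Indicators of Compromise and the recommendations above together, written as an added example and not code from the report, Endor Labs or n8n: it walks an npm `package-lock.json` (including nested, transitive entries) for the package names listed in this report and checks whether community nodes have been disabled with `N8N_COMMUNITY_PACKAGES_ENABLED`. It assumes the community-node install tree has a lockfile to point it at (n8n keeps community nodes in its own nodes directory, assumed here to be `~/.n8n/nodes`); the sample lockfile is constructed for demonstration.

```javascript
// Added example (not from the report or n8n): flag the package names listed
// above in an npm package-lock.json and check the community-nodes setting.
const MALICIOUS = new Set([
  'n8n-nodes-hfgjf-irtuinvcm-lasdqewriit',
  'n8n-nodes-ggdv-hdfvcnnje-uyrokvbkl',
  'n8n-nodes-vbmkajdsa-uehfitvv-ueqjhhhksdlkkmz',
  'n8n-nodes-performance-metrics',
  'n8n-nodes-gasdhgfuy-rejerw-ytjsadx',
  'n8n-nodes-danev',
  'n8n-nodes-rooyai-model',
  'n8n-nodes-zalo-vietts',
]);
const SUSPICIOUS = new Set([
  'n8n-nodes-gg-udhasudsh-hgjkhg-official',
  'n8n-nodes-danev-test-project',
  '@diendh/n8n-nodes-tiktok-v2',
  'n8n-nodes-zl-vietts',
]);

// "node_modules/a/node_modules/@scope/b" -> "@scope/b" (handles nesting and scopes).
function nameFromPath(p) {
  const marker = 'node_modules/';
  return p.slice(p.lastIndexOf(marker) + marker.length);
}

// Walk every installed package, transitive ones included, in a lockfileVersion
// 2 or 3 package-lock.json and return matches with their severity.
function scanLockfile(lock) {
  const findings = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    if (path === '') continue; // root project entry, not a dependency
    const name = meta.name || nameFromPath(path);
    const severity = MALICIOUS.has(name) ? 'malicious' : SUSPICIOUS.has(name) ? 'suspicious' : null;
    if (severity) findings.push({ severity, name, path, version: meta.version });
  }
  return findings;
}

// Community nodes stay enabled unless the variable is explicitly "false".
function communityNodesDisabled(env) {
  return String(env.N8N_COMMUNITY_PACKAGES_ENABLED ?? '').trim().toLowerCase() === 'false';
}

// Constructed sample lockfile for demonstration, not a real capture.
const SAMPLE_LOCK = { lockfileVersion: 3, packages: {
  '': { name: 'my-n8n-nodes', version: '1.0.0' },
  'node_modules/n8n-nodes-base': { version: '1.0.0' },
  'node_modules/n8n-nodes-performance-metrics': { version: '1.2.0' },
  'node_modules/helper/node_modules/@diendh/n8n-nodes-tiktok-v2': { version: '0.1.0' },
} };
```

Run it against the real lockfile with `scanLockfile(JSON.parse(fs.readFileSync(path)))` and against `process.env` for the setting check; a `malicious` finding means the exposed service tokens should be treated as compromised and revoked.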