n8mare on Auth Street: First n8n Supply Chain Attack Steals OAuth Tokens
A supply chain attack has hit the n8n workflow automation ecosystem: attackers published malicious packages to the npm registry disguised as legitimate integration nodes. According to research by Endor Labs, the campaign's primary goal was to exfiltrate developers' OAuth tokens, giving the attackers access to services such as Google Ads, Stripe, and Salesforce.
The packages closely mimicked genuine n8n extensions, presenting configuration screens that prompted users to authorize account access. Once access was granted, the tokens were read from the platform's internal credential store and sent to a remote command-and-control server. The attack abused a core architectural trait of n8n: a single, centralized store of credentials shared across a large number of connected services.
The campaign used eight malicious packages, including cryptically named ones such as "n8n-nodes-hfgjf-irtuinvcm-lasdqewriit" and "n8n-nodes-danev", published under pseudonymous npm accounts such as "kakashi-hatake" and "zabuza-momochi". Some of the packages were still downloadable at the time of the report. Analysis identified "n8n-nodes-zl-vietts" as bundling components with a known malicious history, and "n8n-nodes-gg-udhasudsh-hgjkhg-official" received an update only hours before the Endor Labs disclosure, which suggests the operation was still active.
Once installed, the modules behaved like ordinary community nodes: they rendered configuration screens and handled encrypted OAuth tokens, but decrypted and exfiltrated those tokens during workflow execution. This is the first known supply chain attack aimed specifically at the n8n ecosystem. The underlying weakness is the degree of trust placed in third-party extensions pulled from public registries.
The n8n development team has acknowledged the risks of using community nodes from npm. Such nodes run in-process with the same permissions as the platform itself, which gives them access to environment variables, the local file system, and decrypted credentials. With no code isolation or sandboxing, an installed community node is exactly as trusted as n8n itself.
To harden self-hosted n8n instances, researchers recommend disabling community node support entirely by setting the N8N_COMMUNITY_PACKAGES_ENABLED environment variable to false. Where community nodes are genuinely needed, review each package's npm metadata (publisher account, age, repository link, release history) before installing it, and prefer official extensions.