Critical n8n Vulnerability Lets Attackers Deliver Malware via Webhooks
Key Takeaways
- Threat actors are exploiting the legitimate AI workflow automation tool n8n to deliver malware and conduct device fingerprinting.
- The attacks leverage n8n’s webhook functionality, using free developer accounts and trusted subdomains to bypass security gateways.
- Campaigns observed between October 2025 and March 2026 involved phishing emails leading to the installation of legitimate remote monitoring and management (RMM) tools, repurposed for malicious access.
- Cisco Talos identified the abuse, recommending behavioral detection and AI-driven email security over blanket domain blocking.
Cybercriminals have discovered an innovative method to circumvent traditional security measures, actively weaponizing the legitimate AI workflow automation platform n8n for sophisticated malware delivery. Malicious actors are exploiting n8n’s webhook features to inject harmful payloads, frequently as components of elaborate phishing operations. This misuse of the open-source automation tool has been observed turning a productivity platform into a weapon.
Instead of constructing their own infrastructure from scratch, these attackers are leveraging n8n to dispatch phishing emails and deliver dangerous payloads directly to victims’ systems. The illicit activity was initially detected in October 2025 and persisted through March 2026. During this period, attackers established free developer accounts on the n8n platform, which automatically provisioned subdomains under the *.app.n8n[.]cloud namespace.
Because these subdomains are associated with a widely recognized service, outbound emails and web requests originating from them are often treated as trustworthy by many corporate security gateways. This tactic enabled attackers to route their malicious content through channels that would typically not trigger immediate alerts from most email security solutions.
Cisco Talos researchers Sean Gallagher and Omid Mirzaei were instrumental in identifying the abuse of the n8n platform, subsequently publishing a comprehensive analysis of these campaigns. Their investigation revealed that the primary vector of exploitation was n8n’s URL-exposed webhooks, a standard feature designed to allow real-time data exchange between applications.
The researchers noted a significant surge in malicious activity, with the volume of emails containing n8n webhook URLs in March 2026 approximately 68% higher than in January 2025, indicating a sharp and deliberate escalation in the platform’s misuse.
The findings highlighted two concurrent attack objectives: malware delivery and targeted device fingerprinting. By embedding invisible tracking pixels, hosted on n8n webhook URLs, within HTML emails, attackers could surreptitiously gather device information, such as browser type and IP address, from recipients who merely opened the email without clicking any links. Simultaneously, separate phishing campaigns were actively deploying malware payloads onto victim machines using the same webhook-based delivery mechanism. Attackers effectively subverted a tool intended for workflow automation and developer efficiency, transforming it into a potent weapon.
Inside the Infection Chain
One of the most thoroughly documented campaigns involved phishing emails disguised as Microsoft OneDrive folder sharing notifications. Upon clicking the embedded n8n webhook link, recipients were directed to an HTML page featuring a CAPTCHA challenge. This step served as a rudimentary human verification mechanism, allowing attackers to filter out automated scanners and sandboxes.
Once the CAPTCHA was successfully solved, a download button appeared, and a file named DownloadedOneDriveDocument.exe was silently retrieved from an external host. However, since the entire process executed within the n8n domain’s JavaScript environment, the download appeared to originate from the trusted n8n infrastructure itself.
When executed, this file installed a modified version of the Datto Remote Monitoring and Management (RMM) tool, a legitimate remote administration application. The malware then employed PowerShell commands to configure Datto RMM as a scheduled task, establishing a persistent connection to a relay on the centrustage[.]net domain before self-deleting and removing other payload components to obscure its presence.
A separate but related campaign utilized an n8n webhook to deliver a maliciously altered Microsoft Windows Installer (MSI) file. This file installed the ITarian Endpoint Management RMM tool, which functioned as a backdoor and executed Python modules to exfiltrate data from the compromised system, all while displaying a deceptive installer progress bar to mask its true activities.
Both campaigns adhered to the same fundamental logic: funnel victims through a trusted domain, camouflage the delivery as an ordinary event, and install a remote access tool that maintains stealthy persistence on the system. The inherent flexibility and ease of integration of the n8n platform made it an ideal vehicle for this strategy, as it eliminated the need for complex, custom infrastructure.
What You Should Do
- Implement behavioral detection rules that trigger alerts for unusually high volumes of traffic directed toward AI automation platform domains from unexpected internal sources.
- Flag any endpoint attempting to communicate with AI automation platform domains that are not part of the organization’s approved workflow inventory.
- Share and monitor indicators of compromise (IOCs), including specific webhook URL structures, malicious file hashes, and known command-and-control domains, through threat intelligence platforms.
- Deploy AI-driven email security solutions that analyze behavioral signals, rather than solely relying on reputation scores, to effectively identify threats traversing otherwise trusted infrastructure.
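The following script is an added example, not code from Cisco Talos or from HackersRadar, showing how two of the checks above can be run over sample data: spotting hidden tracking pixels that load from an n8n webhook (the fingerprinting technique described earlier), and reviewing proxy logs for endpoints that talk to *.app.n8n.cloud tenants outside the approved workflow inventory or at unusual volume. The *.app.n8n.cloud namespace comes from the article; the /webhook/ and /webhook-test/ path prefixes are assumed here as n8n's webhook routes, and the email HTML, log lines, tenant names and IP addresses are all constructed for this example.

```python
"""Detection helpers for n8n-webhook abuse (added example, not Talos's code).

Two defender-side checks from the article:
  1. Tracking pixels in HTML email whose src points at an n8n webhook URL.
  2. Proxy log review: endpoints contacting *.app.n8n.cloud hosts that are not
     in the approved workflow inventory, plus unusual volume from one source.
The sample email and log lines below are constructed for this example.
"""
import re
from collections import Counter
from urllib.parse import urlparse

# The *.app.n8n.cloud namespace is from the article; the /webhook/ and
# /webhook-test/ path prefixes are an assumption about n8n's webhook routes.
N8N_CLOUD_SUFFIX = ".app.n8n.cloud"
WEBHOOK_PATH_RE = re.compile(r"^/webhook(?:-test)?/", re.IGNORECASE)
IMG_TAG_RE = re.compile(r"<img\b[^>]*>", re.IGNORECASE | re.DOTALL)
ATTR_RE = re.compile(r"""(\w+)\s*=\s*["']?([^"'\s>]+)""")
# Constructed log format: <timestamp> <client ip> <method> <url> <status>
LOG_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<src>\d{1,3}(?:\.\d{1,3}){3})\s+(?P<method>[A-Z]+)\s+(?P<url>\S+)"
)


def is_n8n_webhook(url: str) -> bool:
    """True if url is served from an n8n cloud tenant's webhook route."""
    p = urlparse(url)
    host = (p.hostname or "").lower()
    return host.endswith(N8N_CLOUD_SUFFIX) and bool(WEBHOOK_PATH_RE.match(p.path))


def find_tracking_pixels(html: str) -> list[str]:
    """Return src URLs of <img> tags that load from an n8n webhook and are
    sized or styled to be invisible (1x1 / 0x0 or display:none), i.e. beacons
    that fire on open without any click."""
    hits = []
    for tag in IMG_TAG_RE.findall(html):
        attrs = {k.lower(): v for k, v in ATTR_RE.findall(tag)}
        src = attrs.get("src", "")
        if not is_n8n_webhook(src):
            continue
        width = attrs.get("width", "").lower().rstrip("px")
        height = attrs.get("height", "").lower().rstrip("px")
        tiny = width in ("0", "1") or height in ("0", "1")
        hidden = "display:none" in tag.replace(" ", "").lower()
        if tiny or hidden:
            hits.append(src)
    return hits


def review_proxy_log(lines, approved_hosts, volume_threshold=3):
    """Return (unapproved, high_volume):
    unapproved  -> sorted (src_ip, host) pairs where host is an n8n cloud
                   tenant not in the approved workflow inventory;
    high_volume -> {src_ip: count} for sources exceeding volume_threshold
                   requests to any n8n cloud host in the reviewed window."""
    approved = {h.lower() for h in approved_hosts}
    unapproved = set()
    per_src = Counter()
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m:
            continue  # unparseable line; skip rather than crash the review
        host = (urlparse(m["url"]).hostname or "").lower()
        if not host.endswith(N8N_CLOUD_SUFFIX):
            continue
        per_src[m["src"]] += 1
        if host not in approved:
            unapproved.add((m["src"], host))
    high_volume = {ip: n for ip, n in per_src.items() if n > volume_threshold}
    return sorted(unapproved), high_volume


# Constructed sample: a "shared folder" lure with a 1x1 beacon on an n8n tenant.
SAMPLE_EMAIL_HTML = """<html><body>
<p>Someone shared a folder with you.</p>
<img src="https://acme-tenant.app.n8n.cloud/webhook/open-beacon?id=42" width="1" height="1">
<img src="https://cdn.example.com/logo.png" width="120" height="40">
<a href="https://acme-tenant.app.n8n.cloud/webhook/share/abc">Open folder</a>
</body></html>"""

# Constructed proxy log: one approved integration, one unknown tenant hit repeatedly.
SAMPLE_PROXY_LOG = """\
2026-03-12T10:01:02Z 10.1.4.22 GET https://ops-team.app.n8n.cloud/webhook/ticket-sync 200
2026-03-12T10:01:09Z 10.1.4.22 GET https://ops-team.app.n8n.cloud/webhook/ticket-sync 200
2026-03-12T10:02:15Z 10.1.7.90 GET https://acme-tenant.app.n8n.cloud/webhook/share/abc 200
2026-03-12T10:02:16Z 10.1.7.90 GET https://acme-tenant.app.n8n.cloud/webhook/share/abc/dl 200
2026-03-12T10:02:17Z 10.1.7.90 GET https://acme-tenant.app.n8n.cloud/webhook/share/abc/dl 200
2026-03-12T10:02:18Z 10.1.7.90 GET https://acme-tenant.app.n8n.cloud/webhook/share/abc/dl 200
2026-03-12T10:03:00Z 10.1.9.11 GET https://www.example.com/ 200
""".splitlines()

# Hypothetical approved inventory: tenants the organisation actually uses.
APPROVED_N8N_HOSTS = {"ops-team.app.n8n.cloud"}

if __name__ == "__main__":
    print("beacons:", find_tracking_pixels(SAMPLE_EMAIL_HTML))
    print("proxy review:", review_proxy_log(SAMPLE_PROXY_LOG, APPROVED_N8N_HOSTS))
```

The host check uses a suffix match on the parsed hostname rather than a substring search, so a look-alike such as app.n8n.cloud.example does not register as an n8n tenant, and the approved-inventory comparison is what turns "traffic to n8n" into an alert worth triage: the approved tenant's traffic is counted toward volume but never flagged as unapproved.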
Disclaimer: HackersRadar reports on cybersecurity threats and incidents for informational and awareness purposes only. We do not engage in hacking activities, data exfiltration, or the hosting or distribution of stolen or leaked information. All content is based on publicly available sources.