
Threat actors have been observed weaponizing n8n, a popular artificial intelligence (AI) workflow automation platform, to run sophisticated phishing campaigns that deliver malicious payloads and fingerprint recipients' devices through automated emails.
“By leveraging trusted infrastructure, these attackers are bypassing traditional security filters and turning productivity tools into delivery vehicles for persistent remote access,” Cisco Talos researchers Sean Gallagher and Omid Mirzaei said in an analysis published today.
N8n is a workflow automation platform that allows users to connect to a variety of web applications, APIs, and AI model services to synchronize data, build agent systems, and perform repetitive rules-based tasks.
Users can register for a developer account at no additional charge to take advantage of the cloud-hosted managed service and run automated workflows without setting up their own infrastructure. Doing so also provisions a custom subdomain under app.n8n.cloud from which the user's workflows are reachable.
The platform also supports webhooks that receive data from apps and services when certain events are triggered, making it possible to start a workflow upon receipt of specific data. The data is sent to a unique webhook URL.
According to Cisco Talos, these webhook URLs, which are exposed on the same *.app.n8n[.]cloud subdomains, have been used in phishing attacks since October 2025.
“Webhooks, often referred to as ‘reverse APIs,’ allow one application to provide real-time information to another application. These URLs register the application as a ‘listener’ to receive data, which may include HTML content pulled programmatically,” Talos explained.

“When a URL receives a request, subsequent workflow steps are triggered and the results are returned as an HTTP data stream to the requesting application. When the URL is accessed via email, the recipient’s browser acts as the receiving application and processes the output as a web page.”
Importantly, this opens new doors for threat actors to propagate malware while lending the content an air of legitimacy, since it appears to come from a trusted domain.
Threat actors wasted no time and took advantage of this behavior to set up n8n webhook URLs for malware delivery and device fingerprinting. The volume of email messages containing these URLs in March 2026 is said to have increased by approximately 686% compared to January 2025.
In one campaign Talos observed, attackers embedded n8n-hosted webhook links in emails claiming to be shared documents. Clicking the link takes the user to a web page that displays a CAPTCHA. Once the CAPTCHA is completed, a download of a malicious payload from an external host is triggered.
“The entire process is encapsulated within JavaScript in an HTML document, so it appears to the browser that the download came from the n8n domain,” the researchers note.
The ultimate goal of the attack is to deliver executables or MSI installers that act as a conduit for modified versions of legitimate remote monitoring and management (RMM) tools, such as Datto or ITarian Endpoint Management, which are then used to establish persistence and connect to a command-and-control (C2) server.
The second most prevalent case involves the use of n8n for fingerprinting. Here, the attackers embed an invisible image or tracking pixel, hosted at an n8n webhook URL, in the email. As soon as the message is opened in an email client, an HTTP GET request is automatically sent to the n8n URL with tracking parameters such as the victim's email address, allowing the attacker to identify the victim.
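As an added example that is not part of the Talos report or of the n8n project, the following Python scans an email body for the two patterns described above: shared-document links and invisible tracking pixels that point at *.app.n8n.cloud webhook URLs, and extracts any tracking parameters carried in the query string. The tenant name, webhook paths and query parameters in the sample message are constructed for the example.

```python
"""Flag n8n-cloud-hosted webhook URLs in an email body: shared-document
links and invisible tracking pixels (the two lures Talos describes)."""
from html.parser import HTMLParser
from urllib.parse import urlsplit, parse_qs

N8N_CLOUD_SUFFIX = ".app.n8n.cloud"  # managed-cloud subdomain named in the article

def is_n8n_cloud_url(url):
    """True when the URL's host is a tenant subdomain of app.n8n.cloud."""
    host = (urlsplit(url).hostname or "").lower()
    return host.endswith(N8N_CLOUD_SUFFIX)

def looks_invisible(attrs):
    """Zero/one-pixel images or display:none styling are classic tracking pixels."""
    w, h = attrs.get("width") or "", attrs.get("height") or ""
    style = (attrs.get("style") or "").replace(" ", "").lower()
    return w in ("0", "1") or h in ("0", "1") or "display:none" in style

class N8nWebhookScanner(HTMLParser):
    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        url = a.get("href") if tag == "a" else a.get("src") if tag == "img" else None
        if not url or not is_n8n_cloud_url(url):
            return
        if tag == "a":
            kind = "link"
        else:
            kind = "tracking_pixel" if looks_invisible(a) else "image"
        # Query parameters are where a beacon carries e.g. the recipient address.
        params = {k: v[0] for k, v in parse_qs(urlsplit(url).query).items()}
        self.findings.append({"kind": kind, "url": url, "params": params})

def scan_email_html(html):
    scanner = N8nWebhookScanner()
    scanner.feed(html)
    return scanner.findings

# Constructed sample body (not from the Talos report) combining both lures.
SAMPLE = """<html><body>
<p>A document has been shared with you.</p>
<a href="https://example-tenant.app.n8n.cloud/webhook/share-doc?id=42">Open document</a>
<img src="https://example-tenant.app.n8n.cloud/webhook/open?e=victim%40example.org" width="1" height="1">
<img src="https://cdn.example.com/logo.png" width="120">
</body></html>"""

if __name__ == "__main__":
    for f in scan_email_html(SAMPLE):
        print(f["kind"], f["url"], f["params"])
```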
“The same workflows designed to save developers hours of manual labor are now being reused to automate the delivery of malware and fingerprinting devices due to their flexibility, ease of integration, and seamless automation,” Talos said. “As we continue to harness the power of low-code automation, it is the responsibility of security teams to ensure that these platforms and tools remain an asset, not a liability.”
