
Hackers Weaponize n8n AI Automation Workflows to Distribute Malware via Trusted Webhooks

By xploitzone
April 17, 2026 4:49 PM

Hackers used the n8n AI workflow automation platform to deliver malware: phishing emails sent via trusted webhooks, RMM tool installs, and device fingerprinting. This article walks through the full Cisco Talos report.

What is n8n and Why is it So Popular?

n8n is an AI workflow automation platform. Think of it as a digital assistant that connects different apps to each other: automatically recording new emails in Google Sheets, or handing a task to an AI model, are the kinds of things n8n does.

The platform is very popular with developers and businesses because it offers a free developer account, is easy to set up, and integrates with Zapier, OpenAI, Anthropic Claude, Slack, Gmail and more. When someone creates a free account, they automatically get a unique subdomain like mycompany.app.n8n.cloud. This trusted subdomain gave hackers a golden opportunity: because n8n is a well-known platform, emails and links from its subdomains are considered trusted by security software.

What Did Cisco Talos Discover?

Cisco Talos researchers Sean Gallagher and Omid Mirzaei noticed an alarming trend: emails containing n8n webhook URLs increased rapidly from October 2025 to March 2026. They said that in March 2026, the number of such emails was approximately 686 times higher than in January 2025.

IMAGE (Source – Cisco Talos)

This means that the problem increased more than sevenfold in just 14 months. Talos also confirmed that this abuse began in October 2025 and continued until March 2026. Researchers identified two basic objectives in these campaigns: first, to deliver malware, and second, to silently extract information from targets' devices through a process known as device fingerprinting.

What is a Webhook and How Was It Exploited?

A webhook is a mechanism by which one application automatically sends data to another application when a specific event occurs. In n8n, webhooks are used to trigger workflows. Hackers created free n8n accounts and set up webhook URLs, which are automatically hosted on n8n's trusted subdomain.

When a victim received an n8n webhook link in an email and clicked on it, their browser talked directly to n8n's servers, just as it would for any legitimate service. Since webhooks can serve data dynamically, i.e. a different response for each request, attackers could send different payloads to mobile users and desktop users by inspecting the User-Agent header. This meant that targeted attacks were possible from a single link.

Initial Attack: Microsoft OneDrive Exploitation

The most distinct campaign documented by Cisco Talos was a phishing scheme masquerading as Microsoft OneDrive notifications. Victims would receive an email bearing a striking resemblance to official Microsoft correspondence informing them that someone had shared a document with them and prompting them to click a link.

Clicking the link opened a page hosted via an n8n webhook, which featured a CAPTCHA challenge. This CAPTCHA served the sole purpose of filtering out automated security scanners and sandboxes, ensuring that only a genuine human user could proceed further. Upon successfully solving the CAPTCHA, a download button appeared, initiating the download of a file named DownloadedOneDriveDocument.exe.

IMAGE (Source – Cisco Talos)

A particularly clever technique was employed here: the entire process was encapsulated within JavaScript served by n8n, leading the browser to believe that the download originated from n8n's trusted servers even though the actual file was hosted on a separate malicious server.

Impact of Executing the Malicious File

When the victim ran the .exe file, it installed a tool called Datto RMM, a legitimate remote monitoring and management product that IT professionals really do use to manage computers remotely. In this case, though, a modified or altered version of the tool was installed. After that, the tool was registered as a scheduled task using PowerShell commands so that it would start every time the computer did.

A connection was established with a relay server located at centrastage[.]net. Furthermore, immediately after installation, the malware deleted itself to ensure that no traces remained. In other words, the attacker now possessed complete remote access to the infected computer, enabling them to view files, execute programs, copy data, and do essentially anything else.

Second Attack: MSI File Delivering ITarian Backdoor

In another related campaign, an MSI file (a Microsoft Windows Installer package) was used. When the victim installed this file, another RMM tool named ITarian Endpoint Management was deployed; this too is a legitimate corporate tool that had been maliciously modified.

Through this tool, Python scripts were executed that exfiltrated data from the compromised system. During the installation process, a fake progress bar was displayed to make the user believe that standard software was being installed. This is an elegant yet dangerous example of psychological manipulation: divert the user's attention while quietly carrying out malicious activity in the background.

Tracking Pixels & Rapid Misuse Growth

In addition to malware delivery, another technique known as device fingerprinting was also employed. In this method, hackers embedded invisible tracking pixels (1×1 pixel images) linked to n8n webhook URLs within HTML emails. Whenever a user opened such an email, even without clicking on any links, a request to load that pixel was sent to the n8n webhook.

This request contained comprehensive details including the victim's IP address, browser version and operating system. This information was transmitted to the attackers, enabling them to confirm that the IP address was active, determine the platform in use, and decide that re-targeting this particular victim would be worthwhile. In short, it wasn't safe even to look at the email.

What Should Defenders Do? Cisco Talos Recommendations

Cisco Talos has offered some key practical recommendations. First, do not simply block the domain: blocking n8n.cloud entirely would disrupt legitimate workflows as well. Instead, implement behavioral detection; if an internal computer suddenly begins sending an excessive amount of traffic to n8n.cloud, an alert should be triggered.

Second, if an endpoint communicates with n8n or any other AI automation platform that is not among your organization's approved tools, this should immediately raise a red flag. Third, share specific IOCs, such as webhook URL structures, malicious file hashes, and known C2 domains, on threat intelligence platforms so that the entire community can benefit. Finally, organizations utilizing n8n should update their systems to patch the CVE-2026-21858 vulnerability.
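The first two recommendations translate directly into a rule over proxy or DNS logs: a burst of requests from one endpoint to n8n.cloud, and any contact with an automation platform outside the approved list. This is an added example, not Talos's detection content; the log format, the thresholds, the allowlist (n8n approved, Make.com not) and the sample lines are all constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Platforms named in the article; which are approved is an organisational choice,
# so the allowlist here is an assumption made for the example.
AUTOMATION_PLATFORMS = {"n8n.cloud", "zapier.com", "make.com"}
APPROVED_PLATFORMS = {"n8n.cloud", "zapier.com"}
BURST_THRESHOLD = 20                 # requests from one endpoint to one platform ...
BURST_WINDOW = timedelta(minutes=5)  # ... within this sliding window raise an alert


def platform_of(host: str):
    """Map a destination host to the automation platform it belongs to, if any."""
    host = host.lower()
    for p in AUTOMATION_PLATFORMS:
        if host == p or host.endswith("." + p):
            return p
    return None


def parse_line(line: str):
    # Constructed log format: "<ISO timestamp> <client ip> <destination host>"
    ts, src, dst = line.split()
    return datetime.fromisoformat(ts), src, dst


def detect(lines):
    """Return (alert_type, endpoint, platform) tuples, one alert per endpoint/platform."""
    alerts, seen_burst, seen_unapproved = [], set(), set()
    windows = defaultdict(list)  # (endpoint, platform) -> timestamps inside the window
    for line in lines:
        ts, src, dst = parse_line(line)
        platform = platform_of(dst)
        if platform is None:
            continue
        key = (src, platform)
        if platform not in APPROVED_PLATFORMS and key not in seen_unapproved:
            seen_unapproved.add(key)
            alerts.append(("unapproved_platform", src, platform))
        win = windows[key]
        win.append(ts)
        while ts - win[0] > BURST_WINDOW:   # drop timestamps that fell out of the window
            win.pop(0)
        if len(win) >= BURST_THRESHOLD and key not in seen_burst:
            seen_burst.add(key)
            alerts.append(("burst", src, platform))
    return alerts


# Constructed sample log: one endpoint hammers a tenant subdomain 25 times in 25 seconds,
# another uses n8n normally, a third contacts an unapproved platform once.
SAMPLE_LOG = [f"2026-03-01T09:00:{i:02d} 10.0.0.5 tenant-a.app.n8n.cloud" for i in range(25)]
SAMPLE_LOG += [f"2026-03-01T09:01:{s:02d} 10.0.0.9 tenant-b.app.n8n.cloud" for s in (0, 10, 20)]
SAMPLE_LOG += ["2026-03-01T09:02:00 10.0.0.7 hook.make.com", "2026-03-01T09:03:00 10.0.0.9 zapier.com"]
```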

AI Platforms and Future Threats

The n8n case points to a significant trend: AI automation platforms have emerged as new attack surfaces for cybercriminals. After n8n, an attacker could just as well exploit Zapier, Make.com or any similar tool. Because these platforms are designed for flexibility, with capabilities such as listening for webhooks, processing data and sending responses, those very features prove highly useful to cybercriminals.

This research by Cisco Talos is a clear signal to the security community that the security of AI tools is just as critical as that of any other software. For end users, the key takeaway is that in today's landscape one should not place trust solely in a website name or an email's visual design; it is imperative to verify the sender domain, the actual destination of any links, and the digital signatures of attached files.

xploitzone

Exploring the world of cybersecurity through in-depth analysis of vulnerabilities, data breaches and emerging threats. Delivering real insights, technical breakdowns and bug bounty discoveries for security enthusiasts and researchers.
