Criticality: 7/10

Supply Chain Attack Targets n8n: Abusing Community Nodes to Steal OAuth Tokens

Source: The Hacker News

Threat actors have been observed uploading a set of eight packages on the npm registry that masqueraded as integrations targeting the n8n workflow automation platform, with the intent of stealing developers’ OAuth credentials.

The Hack

One such package, named “n8n-nodes-hfgjf-irtuinvcm-lasdqewriit,” mimics a Google Ads integration. When a user installs this package and attempts to link an advertising account through it, the OAuth tokens issued during that authorization flow are sent to the attackers instead of remaining under the user's control.
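Because the attack hinges on a community node that looks legitimate being installed alongside real ones, a useful defensive step is to audit the community-node packages an n8n instance has installed. The script below is an added example written for this summary; it is not code from the article, from n8n, or from the malicious packages. It assumes that community nodes are declared in a `package.json` under the n8n user folder (the default path shown is an assumption; check `N8N_USER_FOLDER` in your deployment), uses a hypothetical per-organisation allowlist, and takes the single known-malicious package name from the article. The "random-looking name" check is a constructed heuristic (a run of four or more consonants in the package suffix) and will produce false positives; treat it as a prompt for review, not a verdict.

```python
"""Audit n8n community-node packages declared in a package.json.

Added example, not part of the original article or of n8n itself.
Assumptions (labelled): the nodes package.json path, the allowlist, and the
consonant-run heuristic are all hypothetical; the one known-malicious name
is the package named in the article.
"""
import json
import re
from pathlib import Path

# Assumed default location of community nodes; verify against N8N_USER_FOLDER.
DEFAULT_NODES_PACKAGE_JSON = Path.home() / ".n8n" / "nodes" / "package.json"

# Package name reported in the article.
KNOWN_MALICIOUS = {"n8n-nodes-hfgjf-irtuinvcm-lasdqewriit"}

# Hypothetical allowlist an organisation would maintain for vetted nodes.
ALLOWLIST = {"n8n-nodes-example-approved"}

# Prefix that n8n community node packages are expected to use.
NODE_PREFIX = "n8n-nodes-"

# Constructed sample package.json mixing a vetted node, the reported malicious
# node, an unvetted random-looking node, and an unrelated dependency.
SAMPLE_PACKAGE_JSON = """
{
  "name": "installed-nodes",
  "private": true,
  "dependencies": {
    "n8n-nodes-example-approved": "^1.2.0",
    "n8n-nodes-hfgjf-irtuinvcm-lasdqewriit": "0.1.3",
    "n8n-nodes-qzxvkj-wrtplm": "1.0.0",
    "left-pad": "1.3.0"
  }
}
"""

# Constructed heuristic: four or more consecutive consonants (y counted as a
# consonant) rarely occur in deliberately chosen English package names.
_CONSONANT_RUN = re.compile(r"[b-df-hj-np-tv-z]{4,}")


def looks_random(name_suffix: str) -> bool:
    """Return True when the suffix after the n8n-nodes- prefix has a long consonant run."""
    return _CONSONANT_RUN.search(name_suffix.lower()) is not None


def audit_nodes(package_json_text: str) -> dict:
    """Map each suspicious community-node package to the reasons it was flagged.

    Only packages with the n8n-nodes- prefix are considered; packages on the
    allowlist with an ordinary-looking name produce no finding.
    """
    dependencies = json.loads(package_json_text).get("dependencies", {})
    findings = {}
    for name in dependencies:
        if not name.startswith(NODE_PREFIX):
            continue
        reasons = []
        if name in KNOWN_MALICIOUS:
            reasons.append("known-malicious")
        if name not in ALLOWLIST:
            reasons.append("not-allowlisted")
        if looks_random(name[len(NODE_PREFIX):]):
            reasons.append("random-looking-name")
        if reasons:
            findings[name] = reasons
    return findings


def audit_file(path: Path = DEFAULT_NODES_PACKAGE_JSON) -> dict:
    """Audit a real nodes package.json on disk (returns {} if the file is absent)."""
    if not path.is_file():
        return {}
    return audit_nodes(path.read_text(encoding="utf-8"))


if __name__ == "__main__":
    # Run against the constructed sample so the script demonstrates itself offline.
    for package, reasons in audit_nodes(SAMPLE_PACKAGE_JSON).items():
        print(f"{package}: {', '.join(reasons)}")
```

Running the script against the constructed sample flags the reported package on all three checks and the unvetted random-looking package on two, while the allowlisted node and the non-n8n dependency produce no output. In practice the allowlist and known-malicious sets would be maintained centrally, and any "not-allowlisted" hit would trigger removal of the package and rotation of every OAuth credential that was authorized while it was installed.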

Impact

The stolen OAuth tokens can be used to perform unauthorized actions against the linked accounts and within the n8n platform, potentially leading to data breaches, workflow disruptions, or financial losses for affected developers and their organizations.

Criticality Score: 7/10

This attack is rated as highly critical because of its potential to cause significant damage to both individual users and businesses: stolen OAuth tokens can expose sensitive information and compromise operations within the n8n platform.

Threat Type

The threat type for this incident is ‘supply chain attack.’ This type of attack targets the software supply chain, compromising or impersonating community or third-party libraries to gain unauthorized access to the systems that install them.

CVE IDs

No specific CVEs have been associated with this incident so far. Users are nonetheless advised to remain vigilant and to update their dependencies regularly to mitigate risks from known vulnerabilities.

Keywords

  • n8n
  • supply chain attack
  • OAuth tokens
  • npm registry
  • Google Ads integration

Suggested Categories

  • Cybersecurity Threats
  • Supply Chain Security
  • OAuth Token Security
