Threat actors have been observed weaponizing n8n, a popular artificial intelligence (AI) workflow automation platform, to facilitate sophisticated phishing campaigns and distribute malicious payloads or fingerprint devices by sending automated emails.
“By leveraging trusted infrastructure, these attackers bypass traditional security filters, turning productivity devices into delivery vehicles for persistent remote access,” Cisco Talos researchers Sean Gallagher and Omid Mirzaei said in an analysis published today.
N8n is a workflow automation platform that allows users to connect various web applications, APIs, and AI model services to sync data, build agentic systems, and run repetitive rule-based tasks.
Users can register for a developer account at no additional cost to use the managed, cloud-hosted service and run automation workflows without setting up their own infrastructure. Doing so, however, creates a unique custom domain of the form <account name>.app.n8n.cloud, from which the user can access their applications.
The platform also supports the ability to create webhooks to receive data from apps and services when certain events are triggered. This makes it possible to start a workflow after receiving some data. In this case, the data is sent via a unique webhook URL.
According to Cisco Talos, it is these URL-exposed webhooks, which use the same *.app.n8n[.]cloud subdomain, that have been abused in phishing attacks as of October 2025.
“A webhook, often referred to as a ‘reverse API’, allows one application to provide real-time information to another. These URLs register an application as a ‘listener’ to receive data, which can include programmatically pulled HTML content,” Talos explained.
“When the URL receives a request, subsequent workflow steps are triggered, which return the result as an HTTP data stream to the requesting application. If the URL is accessed via email, the recipient’s browser acts as the receiving application, processing the output as a web page.”
What makes this important is that it opens a new door for threat actors to spread malware while maintaining a façade of legitimacy, giving the impression that the content originates from a trusted domain.
Threat actors have wasted no time taking advantage of n8n webhook URLs for malware delivery and device fingerprinting: the volume of email messages containing these URLs in March 2026 is said to be approximately 686% higher than in January 2025.
In one campaign observed by Talos, threat actors were found embedding an n8n-hosted webhook link in emails that claimed to be a shared document. Clicking the link takes the user to a web page that displays a captcha which, when completed, triggers the download of a malicious payload from an external host.
“Since the entire process is contained in the JavaScript of the HTML document, the download appears to the browser as coming from the n8n domain,” the researchers said.
The ultimate goal of the attack is to distribute an executable or an MSI installer that acts as a conduit for modified versions of legitimate remote monitoring and management (RMM) tools, such as Datto and Iterion Endpoint Management, and uses them to establish persistence by connecting to a command-and-control (C2) server.
Another common abuse involves using n8n for fingerprinting. Specifically, an invisible image or tracking pixel hosted on an n8n webhook URL is embedded in an email. As soon as the message is opened in the email client, the client automatically sends an HTTP GET request to the n8n URL with tracking parameters, such as the victim's email address, helping attackers identify who opened it.
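The two abuse patterns described above (a webhook link posing as a shared document, and a hidden tracking pixel that carries the recipient's address in a GET parameter) can be flagged at the mail gateway before a user ever clicks. The following Python script is an added example written for this article and is not code from Talos or the n8n project. It parses the HTML body of an email, picks out links and images whose host matches the *.app.n8n.cloud pattern the article describes, and reports whether an image looks like a tracking pixel (1x1 or hidden, or an email address in its query string). The /webhook path prefix and the two sample messages are assumptions constructed for the example.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse, parse_qs

# Host pattern from the article: <account name>.app.n8n.cloud
N8N_HOST_RE = re.compile(r"^[a-z0-9-]+\.app\.n8n\.cloud$", re.IGNORECASE)
# Assumption: n8n webhook endpoints live under a /webhook... path prefix.
WEBHOOK_PATH_PREFIX = "/webhook"
EMAIL_RE = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")


class _LinkAndImageExtractor(HTMLParser):
    """Collect <a href> targets and <img> tags (with attributes) from an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self.images = []

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "a" and a.get("href"):
            self.links.append(a["href"])
        elif tag == "img" and a.get("src"):
            self.images.append((a["src"], a))


def is_n8n_webhook(url):
    """True if the URL points at an n8n cloud tenant webhook endpoint."""
    p = urlparse(url)
    host = p.hostname or ""
    return bool(N8N_HOST_RE.match(host)) and p.path.startswith(WEBHOOK_PATH_PREFIX)


def account_of(url):
    """The tenant label in front of .app.n8n.cloud (useful for blocklisting one tenant)."""
    return (urlparse(url).hostname or "").split(".")[0]


def _looks_hidden(attrs):
    """Heuristic for a tracking pixel: 1x1 dimensions or CSS that hides the image."""
    def tiny(value):
        try:
            return int(str(value).rstrip("px")) <= 1
        except ValueError:
            return False
    style = (attrs.get("style") or "").replace(" ", "").lower()
    return (tiny(attrs.get("width", 100)) and tiny(attrs.get("height", 100))) \
        or "display:none" in style or "visibility:hidden" in style


def analyze_email_html(html):
    """Return a list of findings for n8n webhook links and images in an email body."""
    extractor = _LinkAndImageExtractor()
    extractor.feed(html)
    findings = []
    for href in extractor.links:
        if is_n8n_webhook(href):
            findings.append({"type": "webhook_link", "url": href,
                             "account": account_of(href)})
    for src, attrs in extractor.images:
        if not is_n8n_webhook(src):
            continue
        # Any query value that looks like an email address is a fingerprinting parameter.
        query = parse_qs(urlparse(src).query)
        leaked = [v for values in query.values() for v in values if EMAIL_RE.match(v)]
        kind = "tracking_pixel" if (leaked or _looks_hidden(attrs)) else "webhook_image"
        findings.append({"type": kind, "url": src, "account": account_of(src),
                         "recipient_in_query": leaked})
    return findings


# Constructed sample messages (not real campaign artefacts).
SAMPLE_PHISH = """<html><body>
<p>A document has been shared with you.</p>
<a href="https://example-tenant.app.n8n.cloud/webhook/shared-doc">Open document</a>
<img src="https://example-tenant.app.n8n.cloud/webhook/px?e=victim%40example.com" width="1" height="1">
</body></html>"""

SAMPLE_BENIGN = """<html><body><p>Weekly report attached.</p>
<a href="https://docs.n8n.io/">n8n docs</a>
<img src="https://www.example.com/logo.png" width="120" height="40"></body></html>"""

if __name__ == "__main__":
    for name, body in (("phish", SAMPLE_PHISH), ("benign", SAMPLE_BENIGN)):
        print(name, analyze_email_html(body))
```

The host check is deliberately narrow: links to n8n's own documentation or marketing domains are not flagged, only tenant subdomains serving webhook paths. In a gateway rule the `account` field lets you quarantine a single abusive tenant without blocking every n8n user your organisation legitimately corresponds with.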
“The same workflows designed to save developers hours of manual labor are now being reused to automate the delivery of malware and fingerprinting tools due to their flexibility, ease of integration, and seamless automation,” Talos said. “As we continue to leverage the power of low-code automation, it is the responsibility of security teams to ensure these platforms and tools remain assets rather than liabilities.”