Threat Actors Weaponize n8n AI Workflow Platform for Malware Delivery and Device Fingerprinting
Cisco Talos has uncovered a widespread campaign where threat actors abuse the n8n AI workflow automation platform to deliver malware and fingerprint devices via automated emails, with a 686% surge in malicious n8n webhook URLs observed by March 2026.

Cisco Talos researchers have identified a significant and growing abuse of the n8n AI workflow automation platform by threat actors to deliver malware and conduct device reconnaissance. Since October 2025, attackers have been weaponizing n8n's webhook URLs to bypass traditional email security filters, turning a legitimate productivity tool into a delivery vehicle for persistent remote access. The volume of malicious emails containing n8n webhook URLs surged by 686% between January 2025 and March 2026, according to Talos telemetry.
n8n is a popular open-source workflow automation platform that connects web applications and services such as Slack, GitHub, and Google Sheets. Users can register for a free developer account, which creates a subdomain on 'tti.app.n8n[.]cloud' from which their applications can be accessed. The platform's webhooks (essentially reverse APIs that let one application push real-time data to another) are the primary point of abuse. When a recipient clicks an emailed webhook URL, the webhook returns an HTTP response that the recipient's browser renders as a webpage, so the content appears to originate from the n8n domain rather than from the attacker's infrastructure.
Talos documented a phishing campaign that used n8n-hosted webhook links in emails pretending to be shared Microsoft OneDrive folders. When clicked, the link opened a webpage in the victim's browser displaying a CAPTCHA. After completing the CAPTCHA, a download button appeared, triggering a progress bar as a payload was downloaded from an external host. Because the entire process was encapsulated within JavaScript delivered via the n8n domain, the download appeared to the browser as originating from a trusted source.
The payload in this campaign was an executable named 'DownloadedOneDriveDocument.exe' that posed as a self-extracting archive. When opened, it installed a modified version of the Datto Remote Monitoring and Management (RMM) tool and executed a chain of PowerShell commands. These commands configured the RMM tool as a scheduled task and established a connection to a relay on Datto's 'centrastage[.]net' domain, granting persistent remote access to the attacker. Talos observed similar campaigns using the same technique to deliver other malware families.
Beyond malware delivery, Talos also identified attackers using n8n webhooks for device fingerprinting. By embedding webhook URLs in emails that, when clicked, execute JavaScript to collect browser and system information—such as screen resolution, installed fonts, and user-agent strings—attackers can profile victims before launching targeted attacks. This reconnaissance capability allows threat actors to tailor subsequent payloads based on the victim's environment, increasing the likelihood of successful compromise.
The abuse of n8n follows a broader trend of attackers exploiting legitimate automation and AI platforms for malicious purposes. Earlier this year, Talos observed Softr.io, another AI-oriented web application service, being used to create phishing pages in targeted attacks. The use of trusted infrastructure like n8n's webhook URLs makes these campaigns particularly difficult to detect, as the malicious traffic blends in with legitimate traffic from the same domains.
Cisco Talos has shared its findings with n8n and recommends that organizations implement email security solutions capable of inspecting webhook URLs and blocking suspicious patterns. Users should be cautious of unexpected emails containing links to n8n subdomains, especially those prompting downloads or CAPTCHA challenges. The research underscores the evolving threat landscape where AI workflow automation tools, designed to boost productivity, are increasingly repurposed as vectors for cyberattacks.
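The recommendation above to inspect webhook URLs and block suspicious patterns can be prototyped as a small mail-content rule. The following is an added example written for this article, not code from Cisco Talos or the n8n project. It assumes hosted n8n webhook URLs take the form https://<subdomain>.app.n8n.cloud/webhook/<path> (or /webhook-test/), which matches the subdomain structure described earlier; the lure keywords, the allowlisted subdomain and the sample emails are all constructed for illustration.

```python
"""Flag n8n webhook URLs in e-mail content and score the surrounding lure.

Added example (not Cisco Talos or n8n code). Assumptions: hosted n8n webhook
URLs look like https://<subdomain>.app.n8n.cloud/webhook/<path>; lure terms,
allowlist and sample messages are constructed for this example.
"""
import re
from dataclasses import dataclass, field
from urllib.parse import urlparse

URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)

# Hosted n8n domain suffix (assumption; a self-hosted instance would need its
# own entry here).
N8N_SUFFIXES = (".app.n8n.cloud",)
WEBHOOK_PREFIXES = ("/webhook/", "/webhook-test/")

# Lure phrases the reported campaign paired with the webhook link.
LURE_TERMS = ("onedrive", "shared folder", "shared a file", "captcha", "download")

# Subdomains whose workflows your organisation expects to receive mail from
# (constructed placeholder; populate from your own n8n tenant).
ALLOWED_SUBDOMAINS = {"our-ops-team"}


@dataclass
class Finding:
    url: str
    subdomain: str
    lure_hits: list = field(default_factory=list)
    allowed: bool = False

    @property
    def score(self) -> int:
        # An allowlisted workflow scores 0; an unknown webhook scores 1 plus one
        # point per lure phrase found in the same message.
        return 0 if self.allowed else 1 + len(self.lure_hits)


def is_n8n_webhook(url: str):
    """Return the n8n subdomain if the URL is a hosted n8n webhook, else None."""
    parsed = urlparse(url)
    host = (parsed.hostname or "").lower()
    for suffix in N8N_SUFFIXES:
        if host.endswith(suffix):
            sub = host[: -len(suffix)]
            if sub and parsed.path.startswith(WEBHOOK_PREFIXES):
                return sub
    return None


def scan_email(subject: str, body: str) -> list:
    """Extract URLs from a message and return a Finding per n8n webhook URL."""
    text = f"{subject}\n{body}"
    lowered = text.lower()
    findings = []
    for raw in URL_RE.findall(text):
        url = raw.rstrip(".,;)")          # drop trailing punctuation
        sub = is_n8n_webhook(url)
        if sub is None:
            continue
        hits = [t for t in LURE_TERMS if t in lowered]
        findings.append(Finding(url=url, subdomain=sub, lure_hits=hits,
                                allowed=sub in ALLOWED_SUBDOMAINS))
    return findings


def verdict(findings: list, threshold: int = 2) -> str:
    """'block' at or above threshold, 'review' for any unknown webhook, else 'allow'."""
    top = max((f.score for f in findings), default=0)
    if top >= threshold:
        return "block"
    return "review" if top >= 1 else "allow"


# Constructed sample messages (subject, body); none are real campaign data.
SAMPLE_EMAILS = [
    ("Document shared with you",
     "Your colleague shared a OneDrive folder with you. Open it here: "
     "https://acme-demo.app.n8n.cloud/webhook/onedrive-share and complete "
     "the CAPTCHA to download the document."),
    ("Deploy finished",
     "Pipeline status: https://our-ops-team.app.n8n.cloud/webhook/deploy-notify"),
    ("Weekly report",
     "Latest numbers are at https://example.com/report."),
    ("Ping",
     "https://unknown-tenant.app.n8n.cloud/webhook-test/ping."),
]


def run_samples() -> list:
    """Return the verdict for each constructed sample message, in order."""
    return [verdict(scan_email(subj, body)) for subj, body in SAMPLE_EMAILS]


if __name__ == "__main__":
    for (subj, _), result in zip(SAMPLE_EMAILS, run_samples()):
        print(f"{result:6}  {subj}")
```

The scoring deliberately separates "this is an n8n webhook" from "this looks like the OneDrive/CAPTCHA lure": an unknown webhook with no lure context only goes to review, so legitimate automation from a partner is not blocked outright, while a webhook paired with the lure phrases from the campaign is blocked. Feeding this the URL list from a mail gateway's click logs, rather than message bodies, works the same way through `is_n8n_webhook`.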