Malicious npm packages target the n8n automation platform in a supply chain attack

Tips for reducing risks: Workflow automation platforms like n8n are widely adopted for their capability to let teams link disparate systems without hand-coding every integration. But the community node ecosystem depends on npm packages and, therefore, inherits associated risks.

To mitigate exposure, Endor Labs researchers recommended measures such as preferring built-in integrations over community nodes, auditing package metadata and source code before installation, monitoring outbound network activity from automation hosts, and using isolated service accounts with limited privileges wherever possible. Endor Labs published a list of indicators of compromise (IOCs), including package names, C2 infrastructure, and malicious files, to support detection efforts. “Even though the malicious packages we know have been disabled in the last few hours, the attacks may continue and evolve going forward,” Plate noted.
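One way to carry out the "audit package metadata before installation" step, as an added example that is not from the article or from Endor Labs: a JavaScript function that reviews a community node's parsed `package.json` before it is installed. The specific checks (install hooks, missing repository, non-registry dependencies, files listed under the `n8n` attribute) are assumptions of this example rather than the published IOCs, and the sample manifest is constructed.

```javascript
// Added example: pre-install audit of an n8n community node's package.json.
// The checks are assumptions of this example, not Endor Labs' published IOCs.
const INSTALL_HOOKS = ['preinstall', 'install', 'postinstall'];
// Dependency specs that resolve outside the npm registry (git/URL/file/GitHub shorthand).
const NON_REGISTRY_SPEC = /^(git(\+\w+)?:|https?:|file:|github:)|^[\w.-]+\/[\w.-]+(#.*)?$/;

function auditManifest(pkg) {
  const findings = [];
  const add = (severity, check, detail) => findings.push({ severity, check, detail });

  // npm runs these scripts automatically during `npm install`.
  for (const hook of INSTALL_HOOKS) {
    const cmd = pkg.scripts && pkg.scripts[hook];
    if (cmd) add('high', 'install-hook', `${hook}: ${cmd}`);
  }

  // Without a repository link the published code cannot be compared to a source tree.
  const repo = typeof pkg.repository === 'string'
    ? pkg.repository
    : pkg.repository && pkg.repository.url;
  if (!repo) add('medium', 'no-repository', 'no source repository declared');

  // Code pulled from outside the registry is not covered by registry takedowns.
  for (const field of ['dependencies', 'optionalDependencies']) {
    for (const [dep, spec] of Object.entries(pkg[field] || {})) {
      if (NON_REGISTRY_SPEC.test(spec)) add('high', 'non-registry-dependency', `${dep} -> ${spec}`);
    }
  }

  // Files n8n will load, from the package's "n8n" attribute: read these first in a
  // source review. Paths that leave the package directory are flagged outright.
  const n8n = pkg.n8n || {};
  for (const kind of ['nodes', 'credentials']) {
    for (const file of n8n[kind] || []) {
      const escapes = file.startsWith('/') || file.split(/[\\/]/).includes('..');
      add(escapes ? 'high' : 'info', `n8n-${kind}`, file);
    }
  }
  return findings;
}

// Findings that should stop an install until a person has reviewed them.
const blocking = (findings) => findings.filter((f) => f.severity !== 'info');

// Constructed sample manifest (hypothetical package, not one named in the report).
const SAMPLE = {
  name: 'n8n-nodes-example-constructed',
  scripts: { build: 'tsc', postinstall: 'node setup.js' },
  dependencies: { 'left-pad': '^1.3.0', helper: 'git+https://git.example.invalid/helper.git' },
  n8n: { nodes: ['dist/nodes/Example.node.js'], credentials: ['dist/credentials/ExampleApi.credentials.js'] },
};
```

Run it against the manifest from `npm view <package> --json` or an unpacked tarball before installing; the `info` entries name the files to open first during the source review.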

First seen on csoonline.com

Jump to article: www.csoonline.com/article/4115417/malicious-npm-packages-target-n8n-automation-platform-in-a-supply-chain-attack.html
