Threat Actors Abuse n8n AI Workflow Platform for Phishing and Malware Delivery

Threat actors are abusing the AI workflow automation platform n8n to conduct phishing campaigns, deliver malware, and collect device data via automated emails. The attackers exploit the platform's trusted infrastructure to bypass traditional security controls, enabling stealthy operations. No specific malware families, campaign timelines, or victim demographics were disclosed in the report. The abuse involves leveraging n8n's legitimate functionality to automate malicious workflows, though no technical indicators (e.g., hashes, IPs) or CVEs were mentioned. The primary impact includes evasion of detection mechanisms and unauthorized data exfiltration.