Malicious package

n8n-nodes-pentest-rce (npm)

Malicious code in n8n-nodes-pentest-rce (npm). Remove it immediately and rotate any exposed credentials.

MAL-2026-4617
Immediate action
Remove the package, then rotate any secrets the build/runtime could reach.
npm uninstall n8n-nodes-pentest-rce

What this malware does

On npm install, the package's postinstall script runs a shell pipeline that reads the Kubernetes service-account token from /var/run/secrets/kubernetes.io/serviceaccount/token (truncated to 200 bytes), the pod namespace file, the first 20 sorted environment variables, and host fingerprinting data (id, hostname, uname -a, ip addr, /etc/os-release, mount, /proc/1/status, /proc/1/cgroup), emitting them between =RCE_START= / =RCE_END= markers. In typical n8n custom-node installation contexts (n8n cloud, CI build pipelines, container-image builds), install-time stdout is captured into build logs accessible to the attacker. The advertised node code in dist/PentestNode.node.js is a no-op (return [this.getInputData()]) and index.js exports {} — the package provides no functional value to a consumer; the install-time shell payload is the entire purpose. The package self-identifies as a 'pentest proof of concept' for RCE in its name and description. The exfiltrated K8s SA token grants API access to the cluster the installer runs in, and the env-var dump commonly contains cloud-provider credentials.

Malicious versions

26 flagged
1.0.0, 1.0.1, 1.0.3, 1.0.7, 1.0.8, 1.0.11, 1.0.15, 1.0.16, 1.0.19, 1.0.21, 1.0.28, 1.0.29, 1.0.30, 1.0.31, 1.0.32, 1.0.33, 1.0.35, 1.0.36, 1.0.37, 1.0.38, 1.0.39, 1.0.40, 1.0.41, 1.0.42, 1.0.43, 1.0.44

Indicators of compromise (SHA-256)

0488febf49bd134aed0fa92236ba8f52af6e870c1aef10556cdcfbfc2056c2e8
60be575f03918d040794b457c04d31c1de87deb7db96a195136f21281cf4d24a
a6509bc71ca026b8d09ac760fe5ced4fb027131166c46348097b4bb29fa61f4b
e4dbdf9fb9e135b09a14f6780e4462cf258a7ce489f8f2103bdaf592b2733eb2
e681ddff488c0afa1eb87aab6fc8c5adf4efee1c89029046e1b09e9ae23bc789
f9059cfcb66eba746763d81a547e33b5600fe75c1269ff75d6a52157403151ec
13ef49a756cfc296c2bc5578b3ab8329ba99a9b0a4502b4fdd9c86a9187a0e6d
3e5579da454e7d043624efd86c47d8717fe07701c5a2d3beb6c94015386fcf28
9a0ed01a6aa9c3cdc81804f81910f7090283a8728b9e3e627d09f4a7b41bb7c4
e681f30e01289823cdbf587cf07a9f23ee0e501825ef76fe59e2cb548d046e8e
eb91a035358fe17af5a78c1b658a5e68d42d61cd9f2c881e388982016890e51d
0719289be3acd1ec8a27d373db5a1e9984d9eb52b5b77017c459ffa6046b1dec
0d84d0655306e0d918ad757c25e5ba8dcdd108f1e19e419dad84b506e3a6d595
4c6a0572fa8ed19e15941d846286b3e0e89eb65126b57a3e59e471a8270b21dc
a612a02d7651ed5df93e06620bb17ebd0d9f994773dde779696ba5017fda3ba8
e7a861b60926034ce75e754ed3dd0ae77a492ddaf53956f57a9baa7ec6808ade
0bbc888557128dba7e0032db52d7775f931206c90d61fa1277ceca960b7deeeb
2fdf0c768efc457390a8facb0bd5470f23221e9e14c861fbd02c05d6a12b62c7
3254c77b88c0f86ff3e1196c92f1d201d7d3953c221da804c0743fae2f75fa34
568ac0d3ede37787c50defca157735a92dba2ba3e9da10cecc68ca857378186a
5c88b783d3aae83a833d2b018530ec7e84127eb8dc4978a440c886bc0d9f16cf
6a5f35198cd0cf35ec78e2ba3f0cd4aa93637d5871b3883b3f3b09010d454e0c
980aaaaa691abe7b1a03a210c72f6af350b346fee02d1f1974efe4c13aa6e297
a180a386cdea43b046b780c90a7bd881bf4eb10de44667a5ea7128bb382eef48
2a813bc4a209e75b50151451de1c2a3c4a7e916b181b314416eafc43492b4eb5
3120abdc4b5c0be556856910dca5f35512bff8ac46d695a8f18a1311547f38af

Detection & response playbook

Credential / info stealer
  1. Find it

    Scan your lockfiles (package-lock.json, pnpm-lock.yaml, yarn.lock, requirements.txt, poetry.lock, etc.) and build artifacts for n8n-nodes-pentest-rce (26 malicious versions). O3 Security's supply-chain scanner checks every dependency against known-malicious package intelligence at install time and in CI, flagging n8n-nodes-pentest-rce across your stack and pipelines.

  2. If you installed it — respond

    n8n-nodes-pentest-rce is built to steal secrets, so assume every credential the build or runtime could read is compromised. Remove it from your project and lockfile, then rotate ALL exposed secrets — npm/registry tokens, cloud keys, CI/CD secrets, SSH keys, and any .env values — from a known-clean machine. Audit logs for unauthorized use of those credentials.

  3. Did it already run?

    If n8n-nodes-pentest-rce was ever installed, its post-install/runtime payload may have already executed. O3's L7 egress monitoring and runtime eBPF sensors detect the credential exfiltration or command-and-control callback after install and block the malicious outbound channel, so you catch and contain the actual compromise — not just the presence of the package.

  4. How O3 protects you

    O3 blocks n8n-nodes-pentest-rce before install through its supply-chain scanner, and if it has already run, detects and severs the exfiltration or C2 callback at runtime through L7 egress monitoring and eBPF.

Frequently asked questions

No. n8n-nodes-pentest-rce on npm has been identified as a malicious package (versions 1.0.0, 1.0.1, 1.0.3, 1.0.7, 1.0.8, 1.0.11, 1.0.15, 1.0.16, and 18 more flagged). It should be removed immediately — do not install or keep it in your dependency tree.

Campaign

IN-MAL-2026-003690, IN-MAL-2026-003681, IN-MAL-2026-003667, IN-MAL-2026-003686, IN-MAL-2026-003698, IN-MAL-2026-003661, IN-MAL-2026-003676, IN-MAL-2026-003680, IN-MAL-2026-003699, IN-MAL-2026-003697, IN-MAL-2026-003669, IN-MAL-2026-003674, IN-MAL-2026-003668, IN-MAL-2026-003679, IN-MAL-2026-003675, IN-MAL-2026-003683, IN-MAL-2026-003678, IN-MAL-2026-003665, IN-MAL-2026-003677, IN-MAL-2026-003695, IN-MAL-2026-003685, IN-MAL-2026-003670, IN-MAL-2026-003673, IN-MAL-2026-003684, IN-MAL-2026-003666, IN-MAL-2026-003682

Credits

  • Amazon Inspector · finder

Detect & block this

O3 blocks n8n-nodes-pentest-rce-class packages before install and in CI — and if it already ran, its runtime egress monitoring catches the credential exfiltration and severs the channel.

n8n-nodes-pentest-rce (npm) malicious package — MAL-2026-4617 | O3 Security