Cybersecurity News and Headlines
Attackers Weaponize Microsoft 365 Outlook Add-Ins to Quietly Exfiltrate Email Data

January 30, 2026
GBHackers On Security

Companies Mentioned

  • Microsoft (MSFT)
  • Varonis (VRNS)
  • GBHackers

Why It Matters

The flaw enables mass exfiltration of corporate communications without detection, exposing enterprises to data leakage and espionage risks. It highlights a critical blind spot in Microsoft 365’s audit and governance controls.

Key Takeaways

  • Outlook web add‑ins bypass the Unified Audit Log.
  • A malicious add‑in can read and exfiltrate outgoing emails.
  • Admins can deploy tenant‑wide, making removal impossible for users.
  • No consent prompt is needed for a minimal‑permission manifest.
  • Mitigation requires manifest upload restrictions and network traffic monitoring.

Pulse Analysis

Outlook add‑ins are designed as lightweight web applications that extend Office functionality. Administrators can distribute them tenant‑wide through the Microsoft 365 admin center, while users may install them from the Store. The underlying model trusts the manifest’s declared permissions, and OWA historically records only mailbox‑level actions, not the add‑in lifecycle. This architectural choice creates a blind spot: when a custom add‑in is uploaded via the web interface, the Unified Audit Log—Microsoft’s primary forensic source—does not capture the installation or subsequent execution events, leaving security teams unaware of potentially malicious activity.

The Exfil Out&Look proof‑of‑concept demonstrates how an attacker can weaponize this gap. By crafting a manifest that requests access to the currently active item, the add‑in avoids consent prompts while still harvesting subject lines, bodies, recipients, and timestamps. Hooked to the OnMessageSend event, it automatically triggers on every outbound message, packaging the data into a simple fetch() request to an external server. Because the add‑in operates within Outlook’s native framework, its network traffic can blend with legitimate API calls, and the lack of audit entries means traditional Microsoft 365 monitoring tools cannot flag the exfiltration, enabling stealthy, large‑scale data theft.

Mitigating this risk requires a shift from reliance on built‑in audit logs to proactive governance. Organizations should restrict custom manifest uploads to a limited set of privileged administrators, regularly audit deployed add‑ins and associated service principals, and implement network‑level detection for anomalous outbound traffic from Outlook clients. Additionally, employing third‑party CASB solutions that inspect API calls and enforce least‑privilege policies can close the visibility gap. As Microsoft evaluates longer‑term remediation, firms that adopt these controls now can reduce exposure to this emerging vector and safeguard sensitive communications against silent exfiltration.
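Because the audit log does not record add‑in installation, the manifest itself is the artifact a reviewer can still inspect. The script below is an added example, not code from the article, Varonis, or Microsoft: it statically triages an Outlook add‑in manifest for the three traits the analysis above describes, the declared permission level, a launch event that fires on outbound mail, and code served from a host outside an organisation's own allowlist. The sample manifest and its hostnames are constructed; the `trusted_hosts` allowlist and the `needs_review` verdict are assumptions of the example. Checking both `OnMessageSend` and `OnAppointmentSend` generalises slightly beyond the article, which mentions only the former.

```python
"""Added example (not from the article or any vendor): static triage of an
Outlook add-in manifest, the kind of check a tenant admin can run over every
custom manifest before or after deployment, since the Unified Audit Log
does not record the add-in lifecycle."""
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

# Constructed sample manifest. It mirrors the pattern the article describes:
# the minimal ReadItem permission, an OnMessageSend launch event, and code
# served from a host the organisation does not control. Hostnames are made up.
SAMPLE_MANIFEST = """<OfficeApp xmlns="http://schemas.microsoft.com/office/appforoffice/1.1"
  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="MailApp">
  <Id>00000000-0000-0000-0000-000000000000</Id>
  <Version>1.0.0.0</Version>
  <ProviderName>Constructed Sample</ProviderName>
  <DefaultLocale>en-US</DefaultLocale>
  <DisplayName DefaultValue="Mail Helper"/>
  <Description DefaultValue="Constructed sample manifest"/>
  <Hosts><Host Name="Mailbox"/></Hosts>
  <FormSettings>
    <Form xsi:type="ItemRead">
      <DesktopSettings>
        <SourceLocation DefaultValue="https://addin.example.net/index.html"/>
        <RequestedHeight>250</RequestedHeight>
      </DesktopSettings>
    </Form>
  </FormSettings>
  <Permissions>ReadItem</Permissions>
  <Rule xsi:type="ItemIs" ItemType="Message" FormType="Read"/>
  <VersionOverrides xmlns="http://schemas.microsoft.com/office/mailappversionoverrides/1.1"
      xsi:type="VersionOverridesV1_1">
    <Hosts><Host xsi:type="MailHost"><DesktopFormFactor>
      <ExtensionPoint xsi:type="LaunchEvent">
        <LaunchEvents>
          <LaunchEvent Type="OnMessageSend" FunctionName="onSend" SendMode="PromptUser"/>
        </LaunchEvents>
        <SourceLocation resid="Runtime.Url"/>
      </ExtensionPoint>
    </DesktopFormFactor></Host></Hosts>
    <Resources>
      <bt:Urls xmlns:bt="http://schemas.microsoft.com/office/officeappbasictypes/1.0">
        <bt:Url id="Runtime.Url" DefaultValue="https://addin.example.net/launch.html"/>
      </bt:Urls>
    </Resources>
  </VersionOverrides>
</OfficeApp>
"""

# Launch events that let add-in code run while an item is leaving the mailbox.
SEND_EVENTS = {"OnMessageSend", "OnAppointmentSend"}


def _local(tag):
    """Strip the XML namespace so the checks do not depend on schema version."""
    return tag.rsplit("}", 1)[-1]


def triage_manifest(xml_text, trusted_hosts):
    """Return what a reviewer needs to decide on a manifest: the declared
    permission, launch events, code hosts outside `trusted_hosts` (an assumed
    allowlist the organisation maintains), and a needs_review verdict."""
    root = ET.fromstring(xml_text)
    permission = None
    launch_events = []
    hosts = set()
    for el in root.iter():
        name = _local(el.tag)
        if name == "Permissions" and el.text:
            permission = el.text.strip()
        elif name == "LaunchEvent" and el.get("Type"):
            launch_events.append(el.get("Type"))
        elif name in ("SourceLocation", "Url"):
            # Any absolute URL here is where the add-in's code is fetched from.
            url = el.get("DefaultValue", "")
            if url.startswith(("http://", "https://")):
                hosts.add(urlparse(url).hostname)
    external = sorted(h for h in hosts if h not in trusted_hosts)
    send_hooks = sorted(set(launch_events) & SEND_EVENTS)
    findings = []
    if external:
        findings.append("code loaded from untrusted host(s): " + ", ".join(external))
    if send_hooks:
        findings.append("runs on every outbound item via " + ", ".join(send_hooks))
    if permission == "ReadWriteMailbox":
        findings.append("requests full mailbox access (ReadWriteMailbox)")
    return {
        "permission": permission,
        "launch_events": launch_events,
        "external_hosts": external,
        "findings": findings,
        "needs_review": bool(external) or bool(send_hooks),
    }


if __name__ == "__main__":
    report = triage_manifest(SAMPLE_MANIFEST, {"addins.corp.example"})
    print("permission:", report["permission"])
    for line in report["findings"]:
        print("-", line)
```

Matching on local tag names rather than fixed namespaces keeps the same check working across the `mailappversionoverrides` 1.0 and 1.1 schemas. A `ReadItem` manifest is not flagged on its permission alone, which is the point of the article: the combination of a send‑time launch event and an externally hosted runtime is what warrants review, and that combination is invisible to the audit log but plain in the manifest.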
