Outlook Add-in Attack Enables Silent Email Exfiltration with Zero Forensic Traces
A newly disclosed attack technique allows threat actors to abuse Microsoft Outlook add-ins to silently exfiltrate sensitive email data from organizations without generating any audit logs or forensic traces, according to research published by Varonis Threat Labs.
The attack method, dubbed Exfil Out&Look, exploits a visibility gap in Microsoft 365's logging. Add-ins installed through Outlook Web Access leave no entry in the Microsoft 365 Unified Audit Log, and neither does their subsequent access to message content, so a malicious or compromised add-in can intercept email and transmit it to an external server without anything in the tenant's audit trail recording it.
Varonis reported the issue to Microsoft via MSRC on September 30, 2025. After review, Microsoft categorized the technique as a low-severity product bug with no immediate fix or patch planned, meaning the attack vector remains active.
No Audit Logs in Outlook Web Access
The core issue is a disparity in how add-in installation is logged across Outlook clients. When an add-in is installed from Outlook Desktop, the Windows event log on that machine records the installation under Event ID 45, which is endpoint telemetry on the local system rather than tenant-level audit data. When the same add-in is installed from Outlook Web Access, no corresponding entry appears in Microsoft 365's Unified Audit Log, even in tenants with E5 licenses and auditing fully enabled.
Security teams therefore have no tenant-side visibility into add-ins that users install through OWA, and no record of what those add-ins do once they run. From the Microsoft 365 audit perspective, nothing indicates that email content was accessed or sent outside the organization.
Minimal Permissions Enable Silent Exfiltration
Outlook add-ins declare the permissions they need in their manifest file. Many add-ins run with minimal permissions, which already let them read the contents of a message being composed (subject, body and recipients) without prompting the user for consent and without producing audit log entries.
The Varonis proof-of-concept shows how a minimally permissioned add-in can register a handler for the OnMessageSend event, which fires automatically when the user sends a message. The handler reads the subject, body, recipients, timestamp and attachment filenames, then posts them to an external server with a single asynchronous fetch call.
All of this is permitted under ordinary add-in permissions, and from the platform's point of view it is indistinguishable from legitimate add-in functionality. The exfiltration runs in the background with no user interaction and nothing shown to the user.
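To make the manifest side of this concrete, here is an added Python example (it is not Varonis's proof-of-concept and not Microsoft code) that triages an Outlook add-in manifest the way a team auditing deployed add-ins might: it lists the launch events the add-in registers, the permission level it declares and every host it loads code from, and it flags the combination of a send-time event such as OnMessageSend with a host outside an allow-list. The embedded manifest is constructed for illustration; its add-in ID, display name and the addin.example.net host are placeholders, and the allow-list passed to triage_manifest() is an assumption about which vendor domains a given tenant has vetted.

```python
"""Triage an Outlook add-in manifest for send-time hooks and external code hosts.

Added example for this article (not Varonis's PoC, not Microsoft code).
SAMPLE_MANIFEST is constructed: the add-in ID, display name and the
addin.example.net host are placeholders; the allow-list is an assumption.
"""
import re
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

# Launch events that run add-in code while a message is composed or sent, i.e.
# when the outgoing subject, body, recipients and attachment names are readable.
COMPOSE_EVENTS = {"OnMessageSend", "OnNewMessageCompose", "OnMessageRecipientsChanged",
                  "OnMessageAttachmentsChanged", "OnMessageFromChanged"}
URL_RE = re.compile(r"^https?://", re.IGNORECASE)

# Constructed manifest of an event-based add-in: it registers OnMessageSend and
# loads all of its code from addin.example.net (a placeholder host).
SAMPLE_MANIFEST = """<OfficeApp xmlns="http://schemas.microsoft.com/office/appforoffice/1.1"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xmlns:bt="http://schemas.microsoft.com/office/officeappbasictypes/1.0" xsi:type="MailApp">
  <Id>aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee</Id>
  <DisplayName DefaultValue="Mail Helper"/>
  <Permissions>ReadWriteItem</Permissions>
  <VersionOverrides xmlns="http://schemas.microsoft.com/office/mailappversionoverrides"
      xsi:type="VersionOverridesV1_0">
    <VersionOverrides xmlns="http://schemas.microsoft.com/office/mailappversionoverrides/1.1"
        xsi:type="VersionOverridesV1_1">
      <Hosts><Host xsi:type="MailHost"><DesktopFormFactor>
        <FunctionFile resid="Runtime.Url"/>
        <ExtensionPoint xsi:type="LaunchEvent">
          <LaunchEvents>
            <LaunchEvent Type="OnMessageSend" FunctionName="onMessageSendHandler" SendMode="PromptUser"/>
          </LaunchEvents>
          <SourceLocation resid="Runtime.Url"/>
        </ExtensionPoint>
      </DesktopFormFactor></Host></Hosts>
      <Resources><bt:Urls>
        <bt:Url id="Runtime.Url" DefaultValue="https://addin.example.net/launch.html"/>
      </bt:Urls></Resources>
    </VersionOverrides>
  </VersionOverrides>
</OfficeApp>"""


def _local(tag):
    """'{namespace}Name' -> 'Name', so matching ignores manifest schema versions."""
    return tag.rsplit("}", 1)[-1]


def _first(root, name, attr=None):
    """Text (or an attribute) of the first element with the given local name."""
    for el in root.iter():
        if _local(el.tag) == name:
            return el.attrib.get(attr, "") if attr else (el.text or "").strip()
    return ""


def _referenced_hosts(root):
    """Hostnames from every URL-valued attribute or text node, plus AppDomain entries."""
    hosts = set()
    for el in root.iter():
        values = list(el.attrib.values())
        text = (el.text or "").strip()
        if text and _local(el.tag) == "AppDomain" and not URL_RE.match(text):
            text = "https://" + text  # AppDomain entries may be bare hostnames
        if text:
            values.append(text)
        for value in values:
            if URL_RE.match(value) and urlparse(value).hostname:
                hosts.add(urlparse(value).hostname.lower())
    return hosts


def triage_manifest(xml_text, allowed_hosts):
    """Report launch events, permission level and hosts; flag the exfil pattern."""
    root = ET.fromstring(xml_text)
    events = sorted({el.attrib.get("Type", "") for el in root.iter()
                     if _local(el.tag) == "LaunchEvent"})
    compose_hooks = sorted(set(events) & COMPOSE_EVENTS)
    hosts = _referenced_hosts(root)
    allowed = {h.lower() for h in allowed_hosts}
    external = sorted(h for h in hosts if h not in allowed)

    findings = []
    if compose_hooks:
        findings.append("runs code on compose/send events: " + ", ".join(compose_hooks))
    if external:
        findings.append("loads code from hosts outside the allow-list: " + ", ".join(external))
    high_risk = bool(compose_hooks and external)
    if high_risk:
        findings.append("HIGH: send-time hook served from an unvetted host (Exfil Out&Look pattern)")
    return {
        "app_id": _first(root, "Id"),
        "display_name": _first(root, "DisplayName", "DefaultValue"),
        "permissions": _first(root, "Permissions"),
        "launch_events": events,
        "hosts": sorted(hosts),
        "external_hosts": external,
        "findings": findings,
        "high_risk": high_risk,
    }
```

To use it on a real add-in, read the manifest XML into triage_manifest() together with the tenant's vetted vendor hosts. Note the limit of the check: the manifest only reveals where the add-in's code is loaded from, not where a fetch call inside that code sends data, and the hosted JavaScript can change without any manifest update, so a clean result narrows review rather than clearing the add-in; pair it with inspection of the hosted bundle and with the egress monitoring described in the recommendations.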
Organization-Wide Deployment Amplifies Risk
The attack becomes significantly more dangerous when leveraged by compromised administrator accounts. Microsoft 365 allows global administrators and Exchange administrators to deploy Outlook add-ins across the entire organization, automatically installing them for all users without requiring manual installation.
If an attacker deploys a malicious add-in with "Everyone" and "Fixed" settings, the add-in installs for every mailbox in the organization and users cannot remove it. Every outgoing email across the entire tenant is intercepted and exfiltrated to the attacker's server — without requiring any user action or consent.
The initial deployment does leave some audit log entries, such as the app installation and the creation of its service principal, so that is the one point at which the activity is visible. Once the add-in is active, nothing it does is logged, and the interception of every outgoing email continues for as long as it stays deployed.
Multiple Exploitation Scenarios
Varonis outlined several realistic attack scenarios exploiting this technique.
Insider threats can install custom add-ins on their own accounts to silently exfiltrate every email they send, including sensitive internal communications. Attackers who compromise user accounts via phishing can install persistent add-ins that survive across sessions and continue exfiltrating data. Malicious or compromised administrators can deploy organization-wide add-ins to intercept all outgoing emails from every mailbox. Third-party add-ins from the Microsoft Store may include hidden functionality that transmits email content to external servers for processing.
Legitimate Add-ins Also Transmit Data
During research, Varonis observed several legitimate add-ins transmitting full email content to external servers to perform tasks such as AI-powered translation, auto-reply generation, or summarization. While this behavior may be expected for such functionality, it raises questions about data handling, retention, and user awareness that organizations should consider when evaluating add-in deployments.
Recommendations
Organizations should restrict users' ability to install add-ins, whether through OWA or the desktop client, using Microsoft 365 policies; in Exchange Online, self-service installation is governed by the My Custom Apps, My Marketplace Apps and My ReadWriteMailbox Apps roles in the user role assignment policy. Security teams should regularly review the add-ins administrators have deployed organization-wide, including the hosts each manifest loads code from, and monitor for unusual service principal or app registrations.
Network monitoring can help detect unexpected outbound data flows from Outlook clients to third-party servers. User awareness training should educate employees about the risks of installing third-party add-ins.
Varonis recommends Microsoft implement audit logging for all add-in installations regardless of platform, behavioral logging for sensitive add-in actions such as accessing email content or sending data externally, and a risk-based classification system for add-ins based on their permissions and communication behavior.
Until Microsoft addresses the logging gap, organizations should treat Outlook add-ins as a potential blind spot in their security monitoring and implement compensating controls accordingly.