First Malicious Microsoft Outlook Add-In Discovered in Real-World Conditions

Cybersecurity researchers have discovered the first malicious add-in for Microsoft Outlook detected in real-world conditions. According to Koi Security, this unusual supply chain attack involves an unknown attacker who acquired the domain associated with an abandoned legitimate add-in. The attacker used this domain to serve a fake Microsoft login page, enabling the theft of over 4,000 credentials. This is the first documented occurrence of a malicious Outlook add-in used in an active campaign.