Exfil Out&Look For Logs: Weaponizing Outlook Add-Ins For Zero-Trace Email Exfiltration
Varonis, Wednesday, January 28th, 2026
Varonis Threat Labs reveals how Outlook add-ins in Microsoft 365 can be exploited to exfiltrate sensitive email data without leaving forensic traces.
Varonis Threat Labs discovered ways to abuse Outlook add-ins, a core feature of the Microsoft 365 ecosystem, to exfiltrate sensitive data from organizations without leaving any forensic traces. We've dubbed this attack method Exfil Out&Look.
Add-ins are designed to enhance productivity and integrate third-party applications. Misusing their capabilities introduces significant risks, such as internal and external threats potentially exfiltrating sensitive data shared via email without leaving any logs, remaining invisible and persistent.