First Malicious Outlook Add-In Found Stealing 4,000+ Microsoft Credentials
Summary
A novel supply chain attack involving a malicious Microsoft Outlook add-in has been discovered. The attacker used a compromised domain associated with a legitimate add-in to serve a fake Microsoft login page, resulting in the theft of over 4,000 credentials.
IFF Assessment
A new attack vector targeting Microsoft Outlook users has been identified, expanding the threat landscape that defenders must account for.
Severity
Defender Context
This attack highlights the risk of supply chain vulnerabilities and the importance of verifying the legitimacy of add-ins. Defenders should implement mechanisms to detect and block malicious add-ins, educate users about phishing tactics, and monitor for suspicious login activity. Supply chain attacks are an increasing trend, requiring careful vendor risk management and continuous monitoring of third-party components.
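
One way to act on the add-in verification advice above, as an added example that is not part of the original report: an Outlook add-in's XML manifest names the web hosts it loads content from, so listing those hosts shows which third-party domains each installed add-in depends on. The sample manifest, its host names, and the `manifest_hosts` / `unapproved_hosts` helpers are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

# Constructed sample manifest (not from the incident); all names and hosts are placeholders.
SAMPLE_MANIFEST = """
<OfficeApp xmlns="http://schemas.microsoft.com/office/appforoffice/1.1"
           xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="MailApp">
  <Id>00000000-0000-0000-0000-000000000000</Id>
  <ProviderName>Example Vendor</ProviderName>
  <DisplayName DefaultValue="Example Scheduler"/>
  <IconUrl DefaultValue="https://cdn.vendor.example/icon.png"/>
  <AppDomains>
    <AppDomain>https://login.vendor.example</AppDomain>
  </AppDomains>
  <FormSettings>
    <Form xsi:type="ItemRead">
      <DesktopSettings>
        <SourceLocation DefaultValue="https://app.abandoned-host.example/pane.html"/>
      </DesktopSettings>
    </Form>
  </FormSettings>
</OfficeApp>
"""

def manifest_hosts(xml_text):
    """Return {host: sorted element names that reference it} for one manifest."""
    hosts = {}
    for el in ET.fromstring(xml_text).iter():
        name = el.tag.rsplit("}", 1)[-1]       # drop the XML namespace prefix
        candidates = [el.get("DefaultValue")]  # URL-bearing elements use this attribute
        if name == "AppDomain":                # AppDomain carries its URL as element text
            candidates.append(el.text)
        for value in candidates:
            host = urlparse((value or "").strip()).hostname
            if host:                           # non-URL values (display names) yield None
                hosts.setdefault(host.lower(), set()).add(name)
    return {h: sorted(n) for h, n in hosts.items()}

def unapproved_hosts(xml_text, approved_suffixes):
    """Hosts the add-in references that fall outside the approved domain suffixes."""
    def approved(host):
        return any(host == s or host.endswith("." + s) for s in approved_suffixes)
    return {h: n for h, n in manifest_hosts(xml_text).items() if not approved(h)}

if __name__ == "__main__":
    # Assumption: "vendor.example" is the only domain the vendor review approved.
    for host, where in unapproved_hosts(SAMPLE_MANIFEST, ["vendor.example"]).items():
        print(f"review: {host} referenced by {', '.join(where)}")
```

Hosts flagged this way are candidates for a registration and ownership check, since the manifest keeps pointing at a domain even after the original publisher stops controlling it.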