Outlook Add‑In Hijacks Fuel AI‑Generated Malware in Blended Threat Campaigns

A wave of Outlook add‑in hijacks has been observed, in which threat actors compromise legitimate Office Store extensions to inject malicious code that runs whenever a user opens mail in a client where the add‑in is installed. The compromised add‑ins are being used to deliver credential‑stealing payloads and ransomware droppers, and to recruit infected machines into an existing wormable botnet that continues to spread through vulnerable SMB services. Because an Outlook add‑in is a web application whose code Outlook loads from the vendor's servers at runtime, the malicious components never arrive as an attachment or link in a message and run inside a trusted Office workflow, so they often pass traditional email filters and endpoint signatures.

At the same time, attackers are using AI‑generated malware to speed up development and obfuscation, blending these newer tools with the older Outlook hijack technique. The AI‑assisted code produces novel payload variants that evade static detection while keeping the same command‑and‑control functions. Defenders should restrict who may install Outlook add‑ins, inventory the add‑ins already deployed and the hosts they load code from, monitor for anomalous Office activity, and augment signature‑based defenses with behavior‑focused analytics so that both the legacy botnet traffic and the rapidly evolving AI‑crafted payloads are caught.
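The inventory step above is worth making concrete. An Outlook add‑in is described by an XML manifest, and the manifest only points at remote locations (SourceLocation, resource Url and AppDomain entries); the JavaScript itself is fetched from those hosts every time the add‑in loads, which is exactly why a compromised vendor host can change the code without the manifest ever changing. The following script is an added example, not code from the article or from any vendor: it parses a manifest, lists every host Outlook will load code from, and flags entries that are not HTTPS, hosts outside an allowlist, and the ReadWriteMailbox permission level. The sample manifest, the vendor name and every hostname in it are constructed placeholders.

```python
"""Audit an Outlook (MailApp) add-in manifest for where its code is loaded from.

Added example: parses the manifest XML that Outlook add-ins ship with and
reports the remote hosts, the scheme used, and the requested permission level.
"""
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

# Constructed sample manifest; hosts, vendor and GUID are placeholders.
SAMPLE_MANIFEST = """<?xml version="1.0" encoding="UTF-8"?>
<OfficeApp xmlns="http://schemas.microsoft.com/office/appforoffice/1.1"
           xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
           xmlns:bt="http://schemas.microsoft.com/office/officeappbasictypes/1.0"
           xsi:type="MailApp">
  <Id>00000000-0000-0000-0000-000000000000</Id>
  <Version>1.0.0.3</Version>
  <ProviderName>Example Vendor</ProviderName>
  <DisplayName DefaultValue="Example Mail Helper"/>
  <AppDomains>
    <AppDomain>https://cdn.example-vendor.invalid</AppDomain>
    <AppDomain>https://assets.example-cdn.invalid</AppDomain>
  </AppDomains>
  <Hosts><Host Name="Mailbox"/></Hosts>
  <FormSettings>
    <Form xsi:type="ItemRead">
      <DesktopSettings>
        <SourceLocation DefaultValue="https://app.example-vendor.invalid/read.html"/>
        <RequestedHeight>250</RequestedHeight>
      </DesktopSettings>
    </Form>
  </FormSettings>
  <Permissions>ReadWriteMailbox</Permissions>
  <Rule xsi:type="ItemIs" ItemType="Message" FormType="Read"/>
  <VersionOverrides xmlns="http://schemas.microsoft.com/office/mailappversionoverrides"
                    xsi:type="VersionOverridesV1_0">
    <Resources>
      <bt:Urls>
        <bt:Url id="Taskpane.Url" DefaultValue="https://app.example-vendor.invalid/taskpane.html"/>
        <bt:Url id="Runtime.Url" DefaultValue="http://assets.example-cdn.invalid/runtime.js"/>
      </bt:Urls>
    </Resources>
  </VersionOverrides>
</OfficeApp>
"""


def _local(tag):
    """Strip the XML namespace so the same check works across manifest schema versions."""
    return tag.rsplit("}", 1)[-1]


def extract_urls(manifest_xml):
    """Return (element name, URL) for every remote location the manifest names."""
    root = ET.fromstring(manifest_xml)
    found = []
    for el in root.iter():
        name = _local(el.tag)
        if name in ("SourceLocation", "Url") and el.get("DefaultValue"):
            found.append((name, el.get("DefaultValue")))
        elif name == "AppDomain" and el.text:
            found.append((name, el.text.strip()))
    return found


def permission_level(manifest_xml):
    """Return the requested permission level (Restricted, ReadItem, ReadWriteItem, ReadWriteMailbox)."""
    root = ET.fromstring(manifest_xml)
    for el in root.iter():
        if _local(el.tag) == "Permissions" and el.text:
            return el.text.strip()
    return None


def code_hosts(manifest_xml):
    """Sorted, de-duplicated set of hosts Outlook will fetch add-in code from."""
    return sorted({urlparse(u).hostname for _, u in extract_urls(manifest_xml) if urlparse(u).hostname})


def audit_manifest(manifest_xml, allowed_hosts):
    """Return human-readable findings; an empty list means nothing to flag."""
    findings = []
    if permission_level(manifest_xml) == "ReadWriteMailbox":
        findings.append("Permissions: ReadWriteMailbox grants access to every item in the mailbox")
    for element, url in extract_urls(manifest_xml):
        parsed = urlparse(url)
        host = parsed.hostname or ""
        if parsed.scheme != "https":
            findings.append(f"{element}: non-HTTPS code location {url}")
        if host not in allowed_hosts:
            findings.append(f"{element}: host {host} is not in the allowlist")
    return findings


if __name__ == "__main__":
    # Hypothetical allowlist: only the vendor's primary app host has been reviewed.
    allowlist = {"app.example-vendor.invalid"}
    print("hosts:", ", ".join(code_hosts(SAMPLE_MANIFEST)))
    for finding in audit_manifest(SAMPLE_MANIFEST, allowlist):
        print("FLAG:", finding)
```

In practice the manifest text comes from the tenant's deployed add-in inventory rather than a string constant; the point of the audit is that the set of hosts in the output is the set of servers whose compromise would put attacker code inside every user's Outlook, so those hosts, not just the manifest, are what need to be watched.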

Categories: Malware & Ransomware, AI Security & Threats, Threat Intelligence