A legitimate Outlook add-in called AgreeTo was hijacked by threat actors who replaced it with a phishing kit, stealing over 4,000 Microsoft account credentials through a fake login page embedded in Outlook's sidebar.
A legitimate Outlook add-in called AgreeTo has been hijacked and weaponized to steal more than 4,000 Microsoft account credentials, marking what appears to be the first documented case of a malicious add-in hosted on Microsoft's official Marketplace.
Originally developed as a meeting scheduling tool for Outlook users, AgreeTo was created by an independent publisher and had been available on the Microsoft Office Add-in Store since December 2022. The add-in operated by loading content from a Vercel-hosted URL (outlook-one.vercel.app), but when the original developer abandoned the project, the orphaned URL became vulnerable to takeover.

How the Hijacking Worked
An Office add-in is essentially a manifest of URLs that point to web content loaded into Microsoft products from the developer's server. Once an add-in is approved and listed in the Microsoft store, there is no ongoing verification process. Microsoft reviews the manifest file during submission and signs it for approval, but after that, all resources—including the user interface and interactive elements—are loaded from the developer's server, so whoever controls those URLs controls what users see inside Outlook.
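The following is an added example, not code from the article, from Koi Security, or from the AgreeTo project. It audits an Outlook add-in manifest the way a defender would after reading the above: it lists every remote URL the add-in will load (Office resolves them from `DefaultValue` attributes such as `SourceLocation`), reads the requested mailbox permission, and flags hosts on shared deployment platforms whose subdomain can be re-registered once the original project is deleted. The manifest text, the list of shared-hosting suffixes and the `audit()` function are constructed for this example; only the schema namespaces, the `Permissions` values and the `outlook-one.vercel.app` host come from real manifests or from the article.

```python
"""Audit an Office add-in manifest for the hosting model described above.

Added example (not the article's or AgreeTo's code): parses a constructed
manifest, lists every remote URL the add-in loads, reports the requested
mailbox permission and flags hosts on shared deployment platforms.
"""
from __future__ import annotations

import json
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

# Real namespaces used by Outlook add-in manifests.
NS = {
    "o": "http://schemas.microsoft.com/office/appforoffice/1.1",
    "bt": "http://schemas.microsoft.com/office/officeappbasictypes/1.0",
}

# Assumption for this example: on these platforms a deployment subdomain is
# released when the owner deletes the project, so a listed host needs an
# ownership check. Matching here means "verify", not "malicious".
SHARED_HOSTING_SUFFIXES = (".vercel.app", ".netlify.app", ".github.io",
                           ".herokuapp.com", ".azurewebsites.net")

# Outlook mailbox permission levels, least to most capable.
PERMISSION_RANK = {"Restricted": 0, "ReadItem": 1,
                   "ReadWriteItem": 2, "ReadWriteMailbox": 3}

# Constructed manifest; the hosting URL is the one named in the article.
CONSTRUCTED_MANIFEST = """<?xml version="1.0" encoding="UTF-8"?>
<OfficeApp xmlns="http://schemas.microsoft.com/office/appforoffice/1.1"
           xmlns:bt="http://schemas.microsoft.com/office/officeappbasictypes/1.0"
           xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
           xsi:type="MailApp">
  <Id>00000000-0000-0000-0000-000000000000</Id>
  <Version>1.0.0.0</Version>
  <ProviderName>Example Publisher</ProviderName>
  <DefaultLocale>en-US</DefaultLocale>
  <DisplayName DefaultValue="Example Scheduler"/>
  <Description DefaultValue="Constructed manifest for the audit example"/>
  <Hosts><Host Name="Mailbox"/></Hosts>
  <FormSettings>
    <Form xsi:type="ItemRead">
      <DesktopSettings>
        <SourceLocation DefaultValue="https://outlook-one.vercel.app/index.html"/>
        <RequestedHeight>250</RequestedHeight>
      </DesktopSettings>
    </Form>
  </FormSettings>
  <Permissions>ReadWriteItem</Permissions>
  <Rule xsi:type="RuleCollection" Mode="Or">
    <Rule xsi:type="ItemIs" ItemType="Message" FormType="Read"/>
  </Rule>
</OfficeApp>
"""


def remote_urls(root: ET.Element) -> list[str]:
    """Every URL the add-in will load: Office reads them from DefaultValue
    attributes (SourceLocation, bt:Url, icons, ...), whatever the element."""
    urls: list[str] = []
    for el in root.iter():
        value = el.attrib.get("DefaultValue", "")
        if value.startswith(("http://", "https://")) and value not in urls:
            urls.append(value)
    return urls


def requested_permission(root: ET.Element) -> str:
    el = root.find("o:Permissions", NS)
    return el.text.strip() if el is not None and el.text else "Restricted"


def hosting_findings(urls: list[str]) -> list[dict]:
    findings = []
    for url in urls:
        parsed = urlparse(url)
        host = parsed.hostname or ""
        findings.append({"url": url, "host": host,
                         "shared_hosting": host.endswith(SHARED_HOSTING_SUFFIXES),
                         "https": parsed.scheme == "https"})
    return findings


def audit(xml_text: str) -> dict:
    """Return the permission, the remote URLs and a list of human-readable issues."""
    root = ET.fromstring(xml_text)
    urls = remote_urls(root)
    perm = requested_permission(root)
    issues = []
    for f in hosting_findings(urls):
        if f["shared_hosting"]:
            issues.append(f"{f['host']}: deployment subdomain on a shared platform; "
                          "confirm the publisher still controls it")
        if not f["https"]:
            issues.append(f"{f['url']}: loaded over plain HTTP")
    if PERMISSION_RANK.get(perm, 0) >= PERMISSION_RANK["ReadWriteItem"]:
        issues.append(f"permission {perm} lets the hosted code read and modify mailbox items")
    return {"permission": perm, "urls": urls, "issues": issues}


if __name__ == "__main__":
    print(json.dumps(audit(CONSTRUCTED_MANIFEST), indent=2))
```

The point of the script is that the signed manifest is the only thing Microsoft ever inspected; everything behind the listed URLs can change at any time, so an audit has to start from those URLs and from who currently controls their hosts.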
In this case, the threat actor claimed the abandoned URL and deployed a sophisticated phishing kit. When users opened the malicious AgreeTo add-in in Outlook, instead of seeing the expected scheduling interface, they encountered a fake Microsoft login page in the program's sidebar. This fake login prompt was designed to closely mimic legitimate Microsoft authentication screens, making it difficult for users to distinguish from the real thing.
Any credentials entered into this fake login page were immediately exfiltrated via a Telegram bot API to the attackers. To reduce suspicion and avoid detection, victims were then redirected to the actual Microsoft login page after submitting their credentials.
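The exfiltration-then-redirect sequence just described leaves a recognisable shape in web proxy logs: a page hosted on a third-party domain posts to the Telegram Bot API and the same user lands on the real Microsoft sign-in page moments later. The following detection logic is an added example, not code from the article or from Koi Security; the log format (`ts user= method= url= referer=`), the sample lines, the five-minute window and the function names are constructed for the example. Only the public `api.telegram.org/bot<id>:<token>/<method>` URL shape of the Bot API is real.

```python
"""Detect Telegram Bot API exfiltration from a third-party web page in proxy logs.

Added example, not the article's code. The log line format and sample lines
are constructed; the Bot API URL shape is the public one.
"""
from __future__ import annotations

import re
from dataclasses import dataclass
from datetime import datetime, timedelta
from urllib.parse import urlparse

# Constructed log format: one request per line, "-" for an absent referer.
LOG_LINE = re.compile(r"^(?P<ts>\S+) user=(?P<user>\S+) method=(?P<http>\S+) "
                      r"url=(?P<url>\S+) referer=(?P<referer>\S+)$")
# Public Bot API URL shape: /bot<numeric id>:<secret token>/<api method>
TELEGRAM_BOT_CALL = re.compile(r"^https?://api\.telegram\.org/bot(?P<bot_id>\d+):"
                               r"(?P<token>[A-Za-z0-9_-]+)/(?P<api>[A-Za-z]+)$")
# Bot API methods that push data out to a chat controlled by the bot owner.
OUTBOUND_METHODS = {"sendMessage", "sendDocument", "sendPhoto"}
MICROSOFT_LOGIN_HOSTS = {"login.microsoftonline.com", "login.live.com"}

CONSTRUCTED_LOG = """\
2024-05-01T09:12:03Z user=alice method=GET url=https://outlook-one.vercel.app/index.html referer=-
2024-05-01T09:12:41Z user=alice method=POST url=https://api.telegram.org/bot123456789:AAExampleTokenXXXXXXXXXXXXXXXXXXXX/sendMessage referer=https://outlook-one.vercel.app/
2024-05-01T09:13:00Z user=alice method=GET url=https://login.microsoftonline.com/ referer=https://outlook-one.vercel.app/
2024-05-01T09:20:15Z user=bob method=GET url=https://web.telegram.org/ referer=-
2024-05-01T09:21:02Z user=bob method=POST url=https://api.telegram.org/bot987654321:BBExampleTokenYYYYYYYYYYYYYYYYYYYY/getUpdates referer=-
"""


@dataclass
class Alert:
    ts: datetime
    user: str
    bot_id: str          # the token is deliberately not stored: it is a credential
    api: str
    referer_host: str
    severity: str


def parse_line(line: str) -> dict | None:
    m = LOG_LINE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%Y-%m-%dT%H:%M:%SZ")
    return rec


def telegram_alerts(log_text: str) -> list[Alert]:
    """One alert per outbound Bot API call; high severity when the call was
    made from a web page outside telegram.org, the shape described above."""
    alerts = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if not rec:
            continue
        m = TELEGRAM_BOT_CALL.match(rec["url"])
        if not m or m["api"] not in OUTBOUND_METHODS:
            continue
        ref_host = urlparse(rec["referer"]).hostname or ""
        severity = "high" if ref_host and not ref_host.endswith("telegram.org") else "medium"
        alerts.append(Alert(rec["ts"], rec["user"], m["bot_id"], m["api"], ref_host, severity))
    return alerts


def phish_sequence_users(log_text: str, window: timedelta = timedelta(minutes=5)) -> list[str]:
    """Users whose outbound Bot API call was followed within the window by a
    request to a Microsoft sign-in host: the 'redirect to the real login' step."""
    records = [r for r in map(parse_line, log_text.splitlines()) if r]
    hits = set()
    for a in telegram_alerts(log_text):
        for r in records:
            host = urlparse(r["url"]).hostname or ""
            if (r["user"] == a.user and host in MICROSOFT_LOGIN_HOSTS
                    and a.ts <= r["ts"] <= a.ts + window):
                hits.add(a.user)
    return sorted(hits)


if __name__ == "__main__":
    for alert in telegram_alerts(CONSTRUCTED_LOG):
        print(alert)
    print("users matching the phish sequence:", phish_sequence_users(CONSTRUCTED_LOG))
```

Two design choices are worth noting. The alert records only the numeric bot id, never the secret part of the token, so the detection output does not itself become a credential store. And a `getUpdates` call (bob, who is simply using Telegram) produces no alert, because only the methods that push data out of the browser match the exfiltration described in the article.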
Scope of the Compromise
According to researchers at supply-chain security company Koi Security, who discovered the compromise, over 4,000 Microsoft account credentials were stolen through this campaign. The attackers also collected credit card numbers and banking security answers from victims.
The add-in retained ReadWriteItem permissions, which would have allowed it to read and modify user emails, though Koi researchers confirmed no such malicious activity had been detected.
Broader Threat Landscape
Koi Security's investigation revealed that the operator behind this attack runs at least a dozen additional phishing kits targeting internet service providers, banks, and webmail providers. While malicious add-ins aren't entirely new to the threat landscape, they have typically been promoted through spam forum comments, phishing emails, and malvertising campaigns.
What makes the AgreeTo case particularly significant is that it represents the first known instance of a malicious Outlook add-in being hosted on Microsoft's official Marketplace. Koi Security researcher Oren Yomtov told BleepingComputer that this is both the first malware found on the official Microsoft Marketplace and the first malicious Outlook add-in detected in the wild.
Technical Implementation
The phishing kit deployed by the attackers included several sophisticated components:
- A fake Microsoft sign-in page that loaded directly within Outlook's sidebar interface
- A password collection page designed to capture user credentials
- An exfiltration script that transmitted stolen data to the attackers
- A redirect mechanism to send victims to the legitimate Microsoft login page after credential submission
This approach allowed the attackers to maintain a low profile while maximizing their success rate, as users who had already entered their credentials would naturally assume any subsequent login prompts were legitimate.
Microsoft's Response
The malicious add-in remained available in the Microsoft Store until the day Koi Security published its findings, at which point Microsoft removed it from the marketplace. BleepingComputer had reached out to Microsoft for comment on the researchers' findings but had not received a response at the time of publication.
Recommendations for Users
If you have the AgreeTo add-in installed in Outlook, security researchers strongly recommend removing it immediately and resetting your passwords. This incident highlights the importance of regularly auditing the add-ins and extensions installed in your productivity applications, even those obtained from official marketplaces.
The case also underscores the potential risks associated with abandoned software projects and the need for ongoing monitoring of third-party components, even after they have been approved and distributed through official channels.
The AgreeTo hijacking serves as a stark reminder that even trusted sources like official app stores can harbor threats, and users should remain vigilant about the permissions granted to third-party applications and the legitimacy of the tools they install in their workflow applications.
