CYBERSECURITY researchers have flagged the first known malicious Microsoft Outlook add-in detected in the wild, dubbed AgreeToSteal by Koi Security, which leveraged a now-abandoned legitimate add-in domain to host a fake Microsoft login page and steal over 4,000 credentials. The phishing kit operated at a URL tied to the manifest of the AgreeTo add-in, and the attacker redirected victims to the actual Microsoft login afterward, exfiltrating passwords via the Telegram Bot API.
The add-in in question, AgreeTo, was built to connect calendars and share availability; its developer listed December 2022 as its last update. The incident highlights the broader risk of supply chain attacks through trusted distribution channels, and Idan Dardikman of Koi said the problem extends to content that can change after initial approval.
According to Microsoft’s documentation, add-in developers are required to create an account and submit their add-in to Partner Center for approval, but the live content fetched from the developer’s server can differ each time the add-in is opened. The researchers warn that the ReadWriteItem permission enables reading and modifying emails, which could allow covert data siphoning if abused, underscoring the need for ongoing monitoring of add-in content and lifecycles.
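As an added illustration of the monitoring the researchers call for (example code written for this page, not from Koi Security or Microsoft): the script parses an Outlook add-in manifest for the hosted SourceLocation domains and the requested permission level, and compares content fetched from such a URL against an approved baseline hash. The manifest is a constructed sample and the function names are hypothetical.

```python
import hashlib
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# Constructed sample manifest (not the real AgreeTo manifest), trimmed to the
# elements a reviewer cares about: the hosted URLs and the requested permission.
SAMPLE_MANIFEST = """<?xml version="1.0" encoding="UTF-8"?>
<OfficeApp xmlns="http://schemas.microsoft.com/office/appforoffice/1.1"
           xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
           xsi:type="MailApp">
  <Id>00000000-0000-0000-0000-000000000000</Id>
  <ProviderName>Example Vendor</ProviderName>
  <DisplayName DefaultValue="Example Calendar Add-in"/>
  <FormSettings>
    <Form xsi:type="ItemRead">
      <DesktopSettings>
        <SourceLocation DefaultValue="https://addin.example-vendor.test/read.html"/>
      </DesktopSettings>
    </Form>
  </FormSettings>
  <Permissions>ReadWriteItem</Permissions>
</OfficeApp>"""

# Permission levels from least to most capable; ReadWriteItem and above can
# read and modify the message the user has open.
PERMISSION_RANK = {"Restricted": 0, "ReadItem": 1, "ReadWriteItem": 2, "ReadWriteMailbox": 3}


def audit_manifest(manifest_xml):
    """Return the hosting domains and requested permission from an add-in manifest."""
    root = ET.fromstring(manifest_xml)
    ns = {"o": "http://schemas.microsoft.com/office/appforoffice/1.1"}
    # Every SourceLocation points at live content the publisher can change at any time.
    urls = [el.get("DefaultValue") for el in root.iter("{%s}SourceLocation" % ns["o"])]
    domains = sorted({urlsplit(u).hostname for u in urls if u})
    perm = root.findtext("o:Permissions", default="Restricted", namespaces=ns)
    return {
        "domains": domains,
        "permission": perm,
        "can_modify_items": PERMISSION_RANK.get(perm, 0) >= PERMISSION_RANK["ReadWriteItem"],
    }


def content_changed(baseline_sha256, fetched_body):
    """True if the body served at a SourceLocation no longer matches its approved baseline."""
    return hashlib.sha256(fetched_body).hexdigest() != baseline_sha256
```

The domain list is the set to watch for expiry or transfer, and the baseline hash is the value to record at approval time so a later re-fetch can be diffed.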