{"id":15791,"date":"2026-02-12T19:16:39","date_gmt":"2026-02-12T19:16:39","guid":{"rendered":"https:\/\/newestek.com\/?p=15791"},"modified":"2026-02-12T19:16:39","modified_gmt":"2026-02-12T19:16:39","slug":"dead-outlook-add-in-hijacked-to-phish-4000-microsoft-office-store-users","status":"publish","type":"post","link":"https:\/\/newestek.com\/?p=15791","title":{"rendered":"\u2018Dead\u2019 Outlook add-in hijacked to phish 4,000 Microsoft Office Store users"},"content":{"rendered":"<div>\n<div id=\"remove_no_follow\">\n<div class=\"grid grid--cols-10@md grid--cols-8@lg article-column\">\n<div class=\"col-12 col-10@md col-6@lg col-start-3@lg\">\n<div class=\"article-column__content\">\n<p>A blind spot in Microsoft\u2019s app and add-in marketplace security allowed an eagle-eyed hacker to hijack an abandoned Outlook add-in to carry out phishing attacks that compromised 4,000 users, researchers have discovered.<\/p>\n<p>The app in question, AgreeTo, is, or was, a meeting scheduling tool that first appeared in 2022 but was abandoned at some point after that by its developer. Despite this, the add-in continued to be listed on Microsoft\u2019s site.<\/p>\n<p>A hacker noticed the change in its status and hijacked the dead add-in and its 4.71-star rating to conduct a phishing campaign that the company which <a href=\"https:\/\/www.koi.ai\/blog\/agreetosteal-the-first-malicious-outlook-add-in-leads-to-4-000-stolen-credentials\" target=\"_blank\" rel=\"noreferrer noopener\">uncovered the attack<\/a>, plug-in security company Koi Security, later discovered had successfully stolen thousands of Microsoft account credentials.<\/p>\n<p>Was it a clever takeover by a sophisticated attacker? 
In fact, according to Koi Security, the hijack was easy, thanks to weaknesses in the process through which developers submit add-ins to Microsoft\u2019s marketplace.<\/p>\n<p>Submitting an add-in to Microsoft merely involves sending a simple XML manifest that lists the add-in\u2019s name and description, the URL from which it is downloaded, and any permissions it needs.<\/p>\n<p>No code is uploaded for assessment. AgreeTo\u2019s manifest simply linked to a subdomain URL, <em>outlook-one.vercel.app<\/em>, hosted on the Vercel development platform, from which users download the software.<\/p>\n<p>\u201cMicrosoft reviews the manifest, signs it, and lists the add-in in their store. But the actual content \u2013 the UI, the logic, everything the user interacts with \u2013 is fetched live from the developer\u2019s server every time the add-in opens,\u201d said Koi Security\u2019s researchers.<\/p>\n<h2 class=\"wp-block-heading\" id=\"orphaned-url\">Orphaned URL<\/h2>\n<p>By grabbing the abandoned subdomain, the attacker gained control of whatever the URL in the original manifest pointed to. This content was replaced with a new URL pointing to a phishing kit comprising a fake Microsoft sign-in page for password collection, an exfiltration script, and a redirect. The original manifest also granted the attacker permission to read and modify emails.<\/p>\n<p>\u201cThey didn\u2019t submit anything to Microsoft. They weren\u2019t required to pass any review. They didn\u2019t create a store listing. The listing already existed \u2013 Microsoft-reviewed, Microsoft-signed, Microsoft-distributed. 
The attacker just claimed an orphaned URL, and Microsoft\u2019s infrastructure did the rest,\u201d said Koi Security.<\/p>\n<p>Phished credentials and victim IP addresses were automatically sent to the attacker via a simple Telegram bot, without the need for complex command &amp; control, Koi Security said.<\/p>\n<p>The researchers were able to get inside this infrastructure, discovering that 4,000 victims had fallen into the attacker\u2019s phishing trap; all were later contacted by Koi Security to warn that their credentials had been compromised.<\/p>\n<p>The same attacker was found to be operating 12 different phishing kits impersonating a variety of banks and webmail providers, Koi Security added. Data stolen from these sites included credit card numbers, CVVs, PINs, and banking security answers used by recipients to receive payments made via the Interac e-Transfer system, as well as password credentials.<\/p>\n<p>The weakness revealed by the AgreeTo hijack is Microsoft\u2019s add-in delivery architecture; it just distributes a simple, and potentially unreliable, URL. Because of this, Koi Security pointed out, \u201can add-in that\u2019s clean on Monday can serve a phishing page on Tuesday \u2013 or, as in this case, years later. Microsoft reviews the manifest at submission, but the actual content can change at any time without further review.\u201d<\/p>\n<p>Ironically, the weakness was identified as long ago as 2019 by another security company, <a href=\"https:\/\/www.mdsec.co.uk\/2019\/01\/abusing-office-web-add-ins-for-fun-and-limited-profit\/\" target=\"_blank\" rel=\"noreferrer noopener\">MDSec<\/a>. AgreeTo is believed to be the first malicious Outlook add-in ever discovered on the Microsoft Marketplace, which might explain why deeper URL checking wasn\u2019t implemented after this research.<\/p>\n<p>As of February 12, the AgreeTo add-in is no longer available from Microsoft Marketplace. 
Anyone still using AgreeTo is advised to remove it as soon as possible, and to reset their Microsoft account passwords.<\/p>\n<p>A separate AgreeTo extension for Chrome stopped working in 2024; Google removed it in February 2025.<\/p>\n<p><em>This article originally appeared on <a href=\"https:\/\/www.computerworld.com\/article\/4131595\/dead-outlook-add-in-hijacked-to-phish-4000-microsoft-office-store-users.html\" target=\"_blank\">Computerworld<\/a>.<\/em><\/p>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>A blind spot in Microsoft\u2019s app and add-in marketplace security allowed an eagle-eyed hacker to hijack an abandoned Outlook add-in to carry out phishing attacks that compromised 4,000 users, researchers have discovered. The app in question, AgreeTo, is, or was, a meeting scheduling tool that first appeared in 2022 but was abandoned at some point after that by its developer. Despite this, the add-in continued&#8230; <\/p>\n<p class=\"more\"><a class=\"more-link\" href=\"https:\/\/newestek.com\/?p=15791\">Read More<\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"inline_featured_image":false,"footnotes":""},"categories":[1],"tags":[],"class_list":["post-15791","post","type-post","status-publish","format-standard","hentry","category-uncategorized","is-cat-link-borders-light 
is-cat-link-rounded"],"_links":{"self":[{"href":"https:\/\/newestek.com\/index.php?rest_route=\/wp\/v2\/posts\/15791","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/newestek.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/newestek.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/newestek.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/newestek.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=15791"}],"version-history":[{"count":0,"href":"https:\/\/newestek.com\/index.php?rest_route=\/wp\/v2\/posts\/15791\/revisions"}],"wp:attachment":[{"href":"https:\/\/newestek.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=15791"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/newestek.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=15791"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/newestek.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=15791"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}