Malicious AgreeTo Outlook Add-In Hijacked to Steal 4,000 Microsoft Credentials A legitimate Outlook add-in, AgreeTo, was hijacked by threat actors and repurposed as a phishing kit, resulting in the theft of over 4,000 Microsoft account credentials, along with credit card details and banking security answers. Originally developed as a meeting scheduling tool, the add-in was published on Microsoft’s Office Add-in Store in December 2022 by an independent developer who later abandoned the project leaving its Vercel-hosted URL (outlook-one.vercel.app) vulnerable to takeover. Researchers at supply-chain security firm Koi Security discovered that the abandoned URL was claimed by a threat actor, who replaced the add-in’s legitimate content with a fake Microsoft sign-in page, a credential harvesting script, and an exfiltration mechanism. Once installed, the malicious add-in displayed a convincing phishing prompt in Outlook’s sidebar, tricking users into entering their credentials. Stolen data was transmitted via a Telegram bot API before victims were redirected to the real Microsoft login page to avoid suspicion. The add-in retained ReadWriteItem permissions, allowing it to access and modify user emails, though no such activity was confirmed. Koi Security found that the attacker operates multiple phishing kits targeting ISPs, banks, and webmail providers. The compromised AgreeTo add-in remained available on Microsoft’s store until its removal on the day of disclosure. This incident marks the first known case of malware distributed via Microsoft’s official Marketplace and the first malicious Outlook add-in detected in the wild. Microsoft’s review process for add-ins limited to initial manifest verification failed to detect the compromise, as the malicious content was loaded from the attacker-controlled server. No official response from Microsoft has been issued at this time.