Security researchers have spotted the first malicious Outlook add-in in the wild, used to steal 4,000+ Microsoft credentials via a phishing exploit.

Cybersecurity researchers have uncovered what appears to be the first malicious Microsoft Outlook add-in detected in the wild, capable of harvesting thousands of credentials from unsuspecting users.
The incident, tracked by security firm Koi Security and dubbed AgreeToSteal, stems from a supply chain abuse of a previously legitimate Outlook add-in called AgreeTo. Originally designed as a tool to combine calendars and share availability, the add-in had not been updated since December 2022 and was effectively abandoned by its developer.
Attackers took advantage of this lull by registering the domain previously associated with the add-in’s online content. From there, they hosted a phishing page mimicking Microsoft’s login interface, which was served inside Outlook whenever the add-in loaded. Over 4,000 Microsoft credentials are believed to have been captured before the threat was detected.
The exploit highlights a broader issue with Office add-ins: while Microsoft reviews add-in manifests during initial submission, there is no ongoing content validation after approval. Because the add-in’s manifest referenced an external URL, and that URL later pointed to the attacker’s infrastructure, Outlook unwittingly delivered the malicious content to users.
“This is the same class of attack we’ve seen in browser extensions, npm packages and other third-party components,” explained Idan Dardikman, co-founder and CTO of Koi Security. “The problem arises when a trusted distribution channel continues to serve content after the original developer has moved on.”
Microsoft add-ins run within Outlook, where users often handle sensitive communications and account access. Because they can request permissions to read and modify emails, misuse can pose significant risk. Researchers warn that without periodic re-reviews and domain ownership verification, similar attacks could recur.
To counteract these risks, experts recommend continuous monitoring of add-in content, automatic re-validation when hosted URLs change, and tools to flag or remove add-ins that haven’t been updated for extended periods.
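The manifest problem described above (the add-in's manifest points at an external URL whose content is never re-reviewed) and the recommended mitigations (re-validation of hosted URLs, flagging of stale add-ins) can both be approached with a manifest audit. The following Python is an added example, not code from Koi Security or from the AgreeTo add-in; it parses a constructed Outlook add-in manifest (modelled on the real schema's OfficeApp, AppDomains, SourceLocation, Permissions and bt:Url elements), lists every host the add-in loads content from, flags hosts the publisher never declared under AppDomains, non-HTTPS URLs, elevated permission levels, and a last-update date older than a threshold. The sample manifest, hostnames and dates are all constructed placeholders.

```python
import re
import xml.etree.ElementTree as ET
from datetime import date
from urllib.parse import urlsplit

URL_RE = re.compile(r"^https?://", re.IGNORECASE)

# Permission levels from the Outlook add-in manifest schema that allow an
# add-in to modify mail items or the whole mailbox.
ELEVATED_PERMISSIONS = {"ReadWriteItem", "ReadWriteMailbox"}

# Constructed sample manifest (not the real AgreeTo manifest). The Commands.Url
# entry deliberately points at a host outside the declared AppDomains, and the
# icon is deliberately served over plain HTTP, so both checks have something to find.
SAMPLE_MANIFEST = """<OfficeApp xmlns="http://schemas.microsoft.com/office/appforoffice/1.1"
           xmlns:bt="http://schemas.microsoft.com/office/officeappbasictypes/1.0"
           xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
           xsi:type="MailApp">
  <Id>00000000-0000-0000-0000-000000000000</Id>
  <Version>1.0.0.0</Version>
  <ProviderName>Example Publisher</ProviderName>
  <DisplayName DefaultValue="Example Scheduling Add-in"/>
  <IconUrl DefaultValue="http://addin.example-publisher.test/icon.png"/>
  <AppDomains>
    <AppDomain>https://addin.example-publisher.test</AppDomain>
  </AppDomains>
  <FormSettings>
    <Form xsi:type="ItemRead">
      <DesktopSettings>
        <SourceLocation DefaultValue="https://addin.example-publisher.test/index.html"/>
        <RequestedHeight>250</RequestedHeight>
      </DesktopSettings>
    </Form>
  </FormSettings>
  <Permissions>ReadWriteItem</Permissions>
  <VersionOverrides xmlns="http://schemas.microsoft.com/office/mailappversionoverrides"
                    xsi:type="VersionOverridesV1_0">
    <Resources>
      <bt:Urls>
        <bt:Url id="Taskpane.Url" DefaultValue="https://addin.example-publisher.test/taskpane.html"/>
        <bt:Url id="Commands.Url" DefaultValue="https://cdn.unrelated-host.test/commands.html"/>
      </bt:Urls>
    </Resources>
  </VersionOverrides>
</OfficeApp>
"""


def _local_name(tag):
    """Strip the XML namespace from an ElementTree tag ('{ns}Name' -> 'Name')."""
    return tag.rsplit("}", 1)[-1]


def extract_urls(manifest_xml):
    """Every http(s) URL found in any attribute or element text of the manifest
    (SourceLocation and bt:Url DefaultValue attributes, AppDomain text, icon URLs)."""
    root = ET.fromstring(manifest_xml)
    urls = set()
    for el in root.iter():
        candidates = list(el.attrib.values())
        if el.text:
            candidates.append(el.text.strip())
        for value in candidates:
            if URL_RE.match(value):
                urls.add(value)
    return urls


def declared_app_domains(manifest_xml):
    """Hostnames the publisher declared under <AppDomains>."""
    root = ET.fromstring(manifest_xml)
    return {urlsplit(el.text.strip()).hostname
            for el in root.iter()
            if _local_name(el.tag) == "AppDomain" and el.text}


def audit_manifest(manifest_xml, last_updated_iso, today_iso, stale_after_days=365):
    """Summarise what an admin should monitor or re-validate for this add-in.
    Dates are ISO strings (e.g. '2022-12-01'); last_updated comes from the
    marketplace listing, since the manifest itself carries no date."""
    root = ET.fromstring(manifest_xml)
    urls = extract_urls(manifest_xml)
    allowed = declared_app_domains(manifest_xml)
    hosts = {urlsplit(u).hostname for u in urls}
    permissions = {el.text.strip() for el in root.iter()
                   if _local_name(el.tag) == "Permissions" and el.text}
    age_days = (date.fromisoformat(today_iso) - date.fromisoformat(last_updated_iso)).days
    return {
        # Every host whose content Outlook will render inside the add-in: these are
        # the domains whose registration and content need ongoing monitoring.
        "hosts": sorted(hosts),
        # Content hosts the publisher never declared; worth a closer look.
        "undeclared_hosts": sorted(h for h in hosts if h not in allowed),
        "insecure_urls": sorted(u for u in urls if u.lower().startswith("http://")),
        "elevated_permissions": sorted(permissions & ELEVATED_PERMISSIONS),
        "stale": age_days > stale_after_days,
    }


if __name__ == "__main__":
    for key, value in audit_manifest(SAMPLE_MANIFEST, "2022-12-01", "2025-06-01").items():
        print(f"{key}: {value}")
```

The host list is the useful output for a defender: it is the set of domains whose ownership and served content should be re-checked on a schedule, independent of whether the manifest itself ever changes, because the manifest is what was reviewed and the hosted content is what runs.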