Malicious Outlook Add-in Breaches 4,000 Microsoft Accounts Despite Store Security
A weaponized Outlook add-in called AgreeTo hijacked over 4,000 Microsoft accounts by serving phishing pages directly inside the email client’s sidebar, exploiting a glaring oversight in the company’s extension vetting process. Attackers claimed an abandoned domain tied to the legitimate productivity tool—still sporting a 4.71-star rating—and deployed fake login prompts that funneled credentials straight to a Telegram bot. The add-in’s ReadWriteItem permissions gave it alarming access to modify emails while evading detection. What makes this breach particularly unsettling is how it weaponized pre-approved infrastructure to bypass traditional security awareness.
A “zombie” cyberattack exploited Microsoft’s Outlook add-in ecosystem to steal over 4,000 account credentials by hijacking an abandoned productivity tool and serving phishing pages directly inside the email client.
Security researchers at Koi AI uncovered what appears to be the first documented case of a malicious Office add-in deployed in the wild—a nightmare scenario that exposes crucial gaps in how Microsoft monitors third-party extensions after initial approval. The hijacked tool, originally called AgreeTo, maintained its innocent 4.71-star rating even as attackers weaponised it to harvest passwords, credit card numbers, and banking security answers from unsuspecting users.
An abandoned Outlook add-in with a 4.71-star rating became a credential harvesting weapon after attackers hijacked its dormant domain.
Here’s the terrifying simplicity of it: Office add-ins are fundamentally web pages loaded through iframes from live URLs. When the original developers abandoned their Vercel-hosted domain, attackers simply claimed the orphaned URL without needing fresh approval from Microsoft. The manifest file—reviewed and greenlit back in December 2022—granted ReadWriteItem permissions, allowing the add-in to read and modify emails. Microsoft never rechecked what was actually being served from that URL.
The attack itself was brutally efficient. Victims saw a fake Microsoft login page materialise in their Outlook sidebar with a simple prompt: “Sign in to continue.” Those who complied handed over credentials that were immediately routed to the attacker’s Telegram bot API. The exfiltration script didn’t stop at passwords—it scraped credit card CVVs, banking security questions for Interac e-Transfer payments, and IP addresses. After harvesting data, victims were redirected to legitimate Microsoft login pages to avoid raising suspicion.
Koi researchers infiltrated the attacker’s Telegram channels and discovered the operator runs at least twelve additional phishing kits targeting banks, ISPs, and webmail providers. They were actively testing stolen credentials for high-value accounts during the discovery period. The researchers took the unusual step of contacting all 4,000 victims directly to warn them.
Microsoft removed the add-in after being alerted, though the phishing infrastructure remained operational afterward. No CVE was assigned—this is being classified as a supply chain risk rather than a traditional vulnerability. The add-in had been available on the Microsoft Office Add-in Store since its original approval in late 2022.
The broader implications should concern anyone managing enterprise email systems. Add-ins update silently without oversight once approved, creating a persistent backdoor if the underlying URL gets compromised. The attackers bypassed vetting entirely by exploiting pre-approved infrastructure Microsoft had already signed off on.
Although this particular operation focused on credential theft, the permissions granted could have facilitated inbox reading or email spoofing.
Security experts recommend runtime URL validation, mandatory MFA enforcement, and allowing administrators to block add-ins at the organisational level. Microsoft has suggested sandboxing for add-ins to enhance security protections against similar attacks. When your email client becomes the phishing page, traditional security awareness training becomes markedly less effective.
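The manifest-and-live-URL gap described above, and the runtime URL validation recommended here, can be checked from the defender's side. This added example (not code from the article, Koi AI, or Microsoft) parses a constructed Office add-in manifest, collects every URL the add-in would load from, reports the declared permission level, and flags hosts that no longer resolve, which is exactly the kind of orphaned domain an attacker could re-register. The manifest, its hostname and the `resolves` hook are assumptions; the live check uses `socket.gethostbyname`, which the test replaces with a stub.

```python
# Added example: audit an Office add-in manifest for dangling hosts and
# high-privilege permissions. Manifest below is constructed, not AgreeTo's.
import socket
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

SAMPLE_MANIFEST = """<?xml version="1.0" encoding="UTF-8"?>
<OfficeApp xmlns="http://schemas.microsoft.com/office/appforoffice/1.1"
  xmlns:bt="http://schemas.microsoft.com/office/officeappbasictypes/1.0"
  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="MailApp">
  <Id>00000000-0000-0000-0000-000000000000</Id>
  <DisplayName DefaultValue="Example Add-in"/>
  <AppDomains><AppDomain>https://example-addin.invalid</AppDomain></AppDomains>
  <FormSettings><Form xsi:type="ItemRead"><DesktopSettings>
    <SourceLocation DefaultValue="https://example-addin.invalid/pane.html"/>
  </DesktopSettings></Form></FormSettings>
  <Permissions>ReadWriteItem</Permissions>
  <Resources><bt:Urls>
    <bt:Url id="Taskpane.Url" DefaultValue="https://example-addin.invalid/taskpane.html"/>
  </bt:Urls></Resources>
</OfficeApp>"""

# Permission levels that let an add-in read and modify mail items or the mailbox.
HIGH_PRIVILEGE = {"ReadWriteItem", "ReadWriteMailbox"}

def _local(tag):
    """Strip the XML namespace: '{ns}SourceLocation' -> 'SourceLocation'."""
    return tag.rsplit("}", 1)[-1]

def manifest_urls(xml_text):
    """Every https URL the add-in loads from: SourceLocation, bt:Url, AppDomain."""
    urls = []
    for el in ET.fromstring(xml_text).iter():
        tag = _local(el.tag)
        value = el.get("DefaultValue") if tag in ("SourceLocation", "Url") else (
            el.text if tag == "AppDomain" else None)
        if value and value.strip().lower().startswith("https://"):
            urls.append(value.strip())
    return urls

def permission_level(xml_text):
    """Declared <Permissions> value, or '' if the manifest has none."""
    for el in ET.fromstring(xml_text).iter():
        if _local(el.tag) == "Permissions":
            return (el.text or "").strip()
    return ""

def _resolves(host):
    """Live DNS check; a host that fails to resolve may be claimable by anyone."""
    try:
        socket.gethostbyname(host)
        return True
    except socket.gaierror:
        return False

def audit_manifest(xml_text, resolves=_resolves):
    """Summarise hosts, dangling hosts and permission risk for an admin review."""
    hosts = sorted({urlparse(u).hostname for u in manifest_urls(xml_text)})
    perm = permission_level(xml_text)
    return {"hosts": hosts, "dangling": [h for h in hosts if not resolves(h)],
            "permission": perm, "high_privilege": perm in HIGH_PRIVILEGE}
```

A host listed under `dangling` together with `high_privilege` is the AgreeTo pattern: approved once, served from a domain nobody controls any more.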
Final Thoughts
The recent breach is a stark reminder that even trusted marketplaces can fall victim to malicious threats. With 4,000 Microsoft accounts compromised, it’s crucial to prioritize the security of your devices. At Geeks Computer Repair Services, we understand the importance of a secure computing environment.
Why choose us for your virus removal needs? Our dedicated PC and laptop technician boasts over 30 years of combined experience and is a Microsoft Certified Professional, as well as CompTIA A+ certified. We specialize in virus, malware, and spyware removal, ensuring that your device is thoroughly cleaned and tuned up. Unlike some technicians, we won’t try to sell you a new computer; instead, we focus on providing effective solutions tailored to your needs.
With more than 1,000 five-star reviews on Word of Mouth, our commitment to customer satisfaction speaks for itself. Our lead technician, the youngest employee to work for IBM in Australia, is ready to tackle any tech problem you may have. We offer free phone advice to existing customers for calls under 5 minutes and are open 7 days a week, from 7 AM to 10 PM.
If you suspect your computer may have a virus or if it hasn’t been cleaned or tuned up in a while, don’t hesitate to reach out. We aim for fast turnaround times to get your machine up and running quickly.
Call us today at 0410 659 349 to schedule an appointment or to inquire about our services. For more information, you can also see our reviews here. Protect your devices and your data – trust Geeks Computer Repair Services to keep your technology safe!
