The phishing page | Image: Koi Security
In what appears to be a first for enterprise security, researchers at Koi Security have uncovered a malicious Microsoft Outlook add-in harvesting credentials in the wild. The incident inverts the standard phishing playbook: rather than luring users to a suspicious link, the attackers hijacked an add-in that was already approved in Microsoft's store and already installed in victims' Outlook sidebars.
The report details the takeover of “AgreeTo,” a once-popular meeting scheduling add-in that its developer abandoned and that criminals then repurposed as a phishing lure served from inside Outlook.
The attack path was simple. The original developer built AgreeTo in 2022 and hosted it on Vercel, a popular web hosting platform. When the project was abandoned, the developer let the hostname it was served from lapse.
That left an opening. Because the add-in remained listed in the official Microsoft Office Add-in Store, and the listing still pointed at the lapsed Vercel URL, an attacker only had to claim that URL and deploy a phishing kit in place of the scheduling tool.
“The add-in stayed listed in Microsoft’s store. The URL it pointed to… became claimable. An attacker claimed it, deployed a phishing kit, and Microsoft’s own infrastructure started serving it inside Outlook’s sidebar,” the report explains.
Any of the thousands of users who had previously installed AgreeTo, or who installed it fresh from the official store, was then shown a fake Microsoft login screen inside their Outlook client.
The attack's effectiveness comes from the security layers it never touched. No email was sent, so there was nothing for a mail gateway to scan; the page was served from a legitimate platform domain (vercel.app) that URL filters would not block; and it rendered inside Outlook's own add-in pane rather than in a browser tab, so nothing looked out of place to the user or to endpoint protection.
“They didn’t need to send a phishing email. They didn’t need to trick someone into clicking a suspicious link. They took over an abandoned URL that Microsoft’s own infrastructure was pointing users to,” Koi Security researchers noted.
The impact was immediate and severe. By gaining access to the attackers' exfiltration channel, researchers recovered “over 4,000 stolen Microsoft account credentials, credit card numbers, and banking security answers,” and found an active operation in which stolen logins were being tested in real time.
The incident exposes an architectural weakness in how Office add-ins work. Unlike traditional software shipped as a static, reviewable file, an Office add-in is essentially a manifest: a small XML file that names a permission level and a set of URLs, with the add-in's actual code and UI loaded from those URLs at run time.
“Microsoft reviews the manifest at submission, but the actual content can change at any time without further review,” the report warns.
So a tool approved on Monday can become malware on Tuesday without the user, or Microsoft, knowing until it is too late. And because AgreeTo's manifest requested the ReadWriteItem permission, the potential damage went beyond credential theft: whoever controls the URL can call the Office JavaScript API at that permission level, which allows reading and modifying the message the user currently has open in Outlook (though not the whole mailbox, which would require the broader ReadWriteMailbox level).
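A check a tenant administrator or add-in reviewer can run follows directly from the point above: treat the manifest as an inventory of remote trust. List every URL it loads, record the permission level, and flag hosts on shared platforms where a released subdomain can be claimed by any other account. The Python script below is an added example written for this article, not Koi Security's or Microsoft's code; the manifest, the hostname example-addin.vercel.app and the platform list are constructed for illustration.

```python
"""Audit an Outlook add-in XML manifest for the failure mode described above:
Microsoft reviews the manifest once, but the manifest only names URLs, and the
content behind those URLs can change or be re-claimed later.

This inventories every remote URL, records the requested permission level and
flags hostnames on shared hosting platforms where a released subdomain can be
registered by a different account.

Added example, not Koi Security's or Microsoft's code. The sample manifest,
the hostname example-addin.vercel.app and the platform list are constructed.
"""
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

# Illustrative list of platforms that hand out per-account subdomains, so a
# subdomain released by one account can be claimed by another. Assumption:
# maintain your own list for real use.
CLAIMABLE_SUFFIXES = ("vercel.app", "netlify.app", "github.io",
                      "herokuapp.com", "azurewebsites.net")

# Outlook add-in permission levels, least to most privileged.
PERMISSION_RANK = {"Restricted": 0, "ReadItem": 1,
                   "ReadWriteItem": 2, "ReadWriteMailbox": 3}


def _local(tag):
    """Strip the XML namespace: '{http://...}SourceLocation' -> 'SourceLocation'."""
    return tag.rsplit("}", 1)[-1]


def remote_urls(root):
    """Yield (element name, url) for every http(s) URL in the manifest,
    whether it appears as an attribute value or as element text."""
    for el in root.iter():
        candidates = list(el.attrib.values())
        if el.text:
            candidates.append(el.text.strip())
        for value in candidates:
            if value.startswith(("http://", "https://")):
                yield _local(el.tag), value


def on_claimable_platform(hostname):
    """True when the host is (a subdomain of) a shared hosting platform."""
    return any(hostname == s or hostname.endswith("." + s)
               for s in CLAIMABLE_SUFFIXES)


def audit_manifest(xml_text):
    """Return an inventory of remote hosts, the permission level and a
    high-risk verdict: mail read/write permission combined with a host that
    a third party could take over after release."""
    root = ET.fromstring(xml_text)
    urls = list(remote_urls(root))
    hosts = sorted({urlparse(u).hostname for _, u in urls if urlparse(u).hostname})
    perm_el = next((el for el in root.iter() if _local(el.tag) == "Permissions"), None)
    permission = perm_el.text.strip() if perm_el is not None and perm_el.text else "Restricted"
    rank = PERMISSION_RANK.get(permission, -1)
    flagged = [h for h in hosts if on_claimable_platform(h)]
    return {
        "permission": permission,
        "permission_rank": rank,
        "hosts": hosts,
        "urls": urls,
        "claimable_hosts": flagged,
        "high_risk": bool(flagged) and rank >= PERMISSION_RANK["ReadWriteItem"],
    }


# Constructed manifest in the shape of an Outlook add-in manifest; not AgreeTo's.
SAMPLE_MANIFEST = """<OfficeApp xmlns="http://schemas.microsoft.com/office/appforoffice/1.1"
           xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
           xsi:type="MailApp">
  <Id>00000000-0000-0000-0000-000000000000</Id>
  <Version>1.0.0.0</Version>
  <ProviderName>Example Provider</ProviderName>
  <DefaultLocale>en-US</DefaultLocale>
  <DisplayName DefaultValue="Example Scheduler"/>
  <Description DefaultValue="Constructed manifest for the audit example"/>
  <IconUrl DefaultValue="https://example-addin.vercel.app/icon-64.png"/>
  <SupportUrl DefaultValue="https://support.example.com"/>
  <AppDomains>
    <AppDomain>https://example-addin.vercel.app</AppDomain>
  </AppDomains>
  <Hosts><Host Name="Mailbox"/></Hosts>
  <FormSettings>
    <Form xsi:type="ItemRead">
      <DesktopSettings>
        <SourceLocation DefaultValue="https://example-addin.vercel.app/index.html"/>
        <RequestedHeight>250</RequestedHeight>
      </DesktopSettings>
    </Form>
  </FormSettings>
  <Permissions>ReadWriteItem</Permissions>
</OfficeApp>"""

if __name__ == "__main__":
    report = audit_manifest(SAMPLE_MANIFEST)
    print("permission:", report["permission"])
    for name, url in report["urls"]:
        print(f"  {name:<16} {url}")
    print("claimable hosts:", report["claimable_hosts"])
    print("HIGH RISK" if report["high_risk"] else "ok")
```

A flagged host is a candidate for a live check that the URL still serves the application that was reviewed, since the store review happens once and the content does not; the same inventory also tells you which hostnames to watch for ownership changes going forward.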