4,000+ Microsoft Credentials Harvested via AgreeTo Outlook Add-In


AgreeToSteal is the first documented case of a malicious Microsoft Outlook add-in operating in the wild. The campaign originated from a legitimate meeting scheduling add-in (“AgreeTo”) that was abandoned by its developer. After the associated hosting subdomain became unclaimed, a threat actor hijacked it and deployed a phishing kit. The attack leveraged Microsoft’s own Office Add-in infrastructure to deliver credential harvesting pages inside Outlook, resulting in more than 4,000 stolen Microsoft account credentials.

Severity: Moderate

Threat Details

1. Background & Initial Conditions

  • Original Add-In: AgreeTo (meeting scheduling tool)
  • Published: December 2022 in Microsoft Office Add-in Store
  • Permissions Granted: ReadWriteItem (ability to read and modify user emails)
  • Hosting Model: Remote dynamic content loaded via URL defined in signed XML manifest

Office Add-ins are not static binaries. They load a live URL in an iframe inside Outlook. Microsoft reviews and signs the manifest at submission but does not continuously validate the hosted content.

When development stopped and the Vercel deployment was deleted, the subdomain became available for registration.

2. Domain Takeover & Weaponization

The attacker claimed the abandoned Vercel subdomain and deployed a four-page phishing kit:

  1. Fake Microsoft sign-in page
  2. Password collection page
  3. Credential exfiltration script
  4. Redirect mechanism

No modification to the Microsoft store listing was required. The signed add-in manifest continued to direct Outlook clients to the now attacker-controlled domain.

3. Attack Execution Flow

  1. User opens AgreeTo add-in inside Outlook.
  2. Malicious page displays Microsoft-branded login interface.
  3. Victim enters email and password.
  4. JavaScript captures:
    • Email
    • Password
    • Victim IP address
  5. Data exfiltrated via Telegram Bot API (HTTP POST request).
  6. Victim redirected to legitimate login.microsoftonline.com.
  7. User assumes login retry was required; compromise goes unnoticed.

No dedicated C2 server was used. The attacker relied solely on Telegram infrastructure for exfiltration.

4. Impact & Scale

Researchers gained access to the poorly secured Telegram bot infrastructure and recovered:

  • 4,000+ Microsoft account credentials
  • Email/password combinations
  • Credit card numbers
  • CVVs
  • PINs
  • Banking security answers (used for Interac e-Transfer interception)

The campaign is ongoing and part of a broader phishing ecosystem involving at least 12 distinct brand impersonation kits targeting banks, ISPs, and webmail providers.

Recommendations

  1. Audit all installed Office Add-ins across the tenant; remove unused or abandoned add-ins. Specifically search for Add-in ID: WA200004949.
  2. Disable user self-installation of Office Store add-ins.
  3. Enforce phishing-resistant MFA across Microsoft accounts.
  4. Train users to verify in-app authentication prompts and be cautious of repeated login requests within Outlook.
  5. Block the IOCs at their respective controls:
     https://www.virustotal.com/gui/collection/0ef242403e67cc3429ed03949c1443cc3bd16bdb0111a2f759cf2b5da56b65bb/iocs
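The hosting model described in section 1 (a signed manifest pointing at a live URL) is what made the takeover possible, and recommendation 1 asks for an add-in audit. The following is an added example, not code from the advisory or from the researchers: given an add-in's manifest XML (assumed to be obtainable from your add-in inventory), it lists every remote URL the add-in loads, flags broad permissions, and flags hosts that sit on re-registrable platform subdomains or that no longer resolve. The manifest, hostname and suffix list are constructed placeholders.

```python
import socket
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

# Platform suffixes where deleting a project frees its subdomain for anyone to
# re-register (constructed list for this example; extend it for your inventory).
REUSABLE_SUFFIXES = (".vercel.app", ".netlify.app", ".github.io")
HIGH_PERMISSIONS = {"ReadWriteItem", "ReadWriteMailbox"}

# Constructed manifest in the Office add-in XML shape; the Id, name and hostname
# are placeholders, not the real AgreeTo values.
SAMPLE_MANIFEST = """<OfficeApp xmlns="http://schemas.microsoft.com/office/appforoffice/1.1"
  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="MailApp">
  <Id>00000000-0000-0000-0000-000000000000</Id>
  <DisplayName DefaultValue="Example Scheduler"/>
  <FormSettings><Form xsi:type="ItemRead"><DesktopSettings>
    <SourceLocation DefaultValue="https://example-scheduler.vercel.app/taskpane.html"/>
  </DesktopSettings></Form></FormSettings>
  <Permissions>ReadWriteItem</Permissions>
</OfficeApp>"""

def extract_urls(manifest_xml: str) -> list[str]:
    """Every remote URL the add-in loads: SourceLocation and bt:Url DefaultValue attributes."""
    root = ET.fromstring(manifest_xml)
    return [el.get("DefaultValue") for el in root.iter()
            if el.tag.split("}")[-1] in ("SourceLocation", "Url")   # drop XML namespace
            and el.get("DefaultValue", "").startswith("https://")]

def host_resolves(host: str) -> bool:
    """Live DNS check; swap in a stub for offline tests."""
    try:
        return bool(socket.getaddrinfo(host, 443))
    except socket.gaierror:
        return False

def audit_manifest(manifest_xml: str, resolves=host_resolves) -> list[str]:
    """Return findings a reviewer would act on: broad permissions, hosts on
    re-registrable platform subdomains, and hosts that no longer resolve."""
    root = ET.fromstring(manifest_xml)
    findings = []
    perm = next((el.text for el in root.iter()
                 if el.tag.split("}")[-1] == "Permissions"), "")
    if perm in HIGH_PERMISSIONS:
        findings.append(f"permission:{perm}")
    for url in extract_urls(manifest_xml):
        host = urlparse(url).hostname or ""
        if host.endswith(REUSABLE_SUFFIXES):
            findings.append(f"reusable-subdomain:{host}")
        if not resolves(host):
            findings.append(f"unresolvable:{host}")
    return findings
```

An unresolvable host on a re-registrable subdomain is exactly the state AgreeTo was in before the takeover, so add-ins that hit both findings deserve removal rather than a watch list.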

Source:

  • https://www.koi.ai/blog/agreetosteal-the-first-malicious-outlook-add-in-leads-to-4-000-stolen-credentials
