A technical analysis by Koi Security reported that researchers uncovered the first known malicious Outlook add-in in the wild: a hijacked add-in domain served a fake sign-in page and captured more than 4,000 credentials.
KEY FACTS
- Incident: first known malicious Outlook add-in; hijacked domain served a phishing page and captured credentials
- Victims: more than 4,000 credentials captured
- Add-in: AgreeTo, listed on the Microsoft Marketplace
- Permissions: configured with ReadWriteItem, allowing read and modify access to mail
The add-in, named AgreeTo, was last updated in December 2022. Its manifest pointed to a Vercel-hosted URL that became claimable after the developer's deployment was deleted, and the domain later served malicious content.
Attackers staged a phishing kit on the claimed URL that presented a fake sign-in page, captured entered passwords, exfiltrated the data via the Telegram Bot API, and then redirected victims to the legitimate sign-in page.
Because the add-in was configured with ReadWriteItem permissions, code running in the add-in could read and modify a user's emails. That configuration created the potential for covert extraction of mailbox contents if a malicious actor injected JavaScript into the pages the add-in loads from its hosted URL.
The incident highlights a gap in marketplace controls: manifests are reviewed at submission, but the live content fetched from developer servers is not periodically rescreened. Recommended mitigations include re-reviewing add-ins when their hosted content changes, verifying domain ownership or flagging changed infrastructure, delisting add-ins that have not been updated, and displaying installation counts so impact can be assessed.
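The two conditions that made this incident possible are both visible in the manifest: the remote URLs the add-in loads from, and the permission level it requests. The following is an added example, not Koi Security's tooling or the AgreeTo add-in's code. It parses an Office add-in manifest, lists every remote host it depends on, reads the requested permission, and runs a pluggable probe per host so that a deleted deployment (the precondition for a takeover) is flagged before, not after, someone else claims it. The sample manifest, the host name `example-addin.vercel.app`, the function names and the "404 means the deployment is gone" heuristic in `default_probe` are all constructed assumptions for illustration.

```python
"""Audit an Office add-in manifest for remote hosts and mail permissions.

Added example (not the page's or the vendor's code). Given manifest XML it
reports the URLs the add-in loads, the permission it requests, and which
hosts no longer serve content, so a reviewer can re-screen listings whose
hosting has changed or disappeared.
"""
import socket
import urllib.error
import urllib.request
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

# Constructed sample manifest. The host name is a placeholder, not the real
# add-in's URL; the structure follows the Office add-in manifest schema.
SAMPLE_MANIFEST = """<?xml version="1.0" encoding="UTF-8"?>
<OfficeApp xmlns="http://schemas.microsoft.com/office/appforoffice/1.1"
           xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
           xsi:type="MailApp">
  <Id>00000000-0000-0000-0000-000000000000</Id>
  <Version>1.0.0.0</Version>
  <ProviderName>Example Provider</ProviderName>
  <DisplayName DefaultValue="Example Add-in"/>
  <AppDomains>
    <AppDomain>https://example-addin.vercel.app</AppDomain>
  </AppDomains>
  <Hosts><Host Name="Mailbox"/></Hosts>
  <FormSettings>
    <Form xsi:type="ItemRead">
      <DesktopSettings>
        <SourceLocation DefaultValue="https://example-addin.vercel.app/index.html"/>
        <RequestedHeight>250</RequestedHeight>
      </DesktopSettings>
    </Form>
  </FormSettings>
  <Permissions>ReadWriteItem</Permissions>
  <Rule xsi:type="ItemIs" ItemType="Message" FormType="Read"/>
</OfficeApp>
"""

# Permission levels that let add-in code read or change mail content.
MAIL_ACCESS_PERMISSIONS = {"ReadItem", "ReadWriteItem", "ReadWriteMailbox"}


def _local(tag):
    """Strip the XML namespace so the check works across schema versions."""
    return tag.rsplit("}", 1)[-1]


def extract(manifest_xml):
    """Return the remote URLs and permission strings declared in a manifest."""
    root = ET.fromstring(manifest_xml)
    urls, perms = set(), set()
    for el in root.iter():
        name = _local(el.tag)
        if name == "Permissions" and el.text:
            perms.add(el.text.strip())
        # SourceLocation, bt:Url and similar elements carry the URL in DefaultValue.
        value = el.attrib.get("DefaultValue", "")
        if value.startswith(("http://", "https://")):
            urls.add(value)
        if name == "AppDomain" and el.text and el.text.strip().startswith("http"):
            urls.add(el.text.strip())
    return {"permissions": sorted(perms), "urls": sorted(urls)}


def default_probe(host):
    """Classify a host as 'live', 'unresolved' or 'unclaimed' (network access).

    Assumption: a hosting platform whose deployment was deleted still resolves
    (platform wildcard DNS) but answers 404 at the root; treat that as unclaimed.
    """
    try:
        socket.gethostbyname(host)
    except socket.gaierror:
        return "unresolved"
    try:
        req = urllib.request.Request(f"https://{host}/", method="HEAD")
        with urllib.request.urlopen(req, timeout=5):
            return "live"
    except urllib.error.HTTPError as err:
        return "unclaimed" if err.code == 404 else "live"
    except (urllib.error.URLError, OSError):
        return "unresolved"


def audit(manifest_xml, probe=default_probe):
    """Combine host status and permission level into a review verdict."""
    info = extract(manifest_xml)
    hosts = sorted({urlparse(u).hostname for u in info["urls"] if urlparse(u).hostname})
    status = {h: probe(h) for h in hosts}
    mail_access = any(p in MAIL_ACCESS_PERMISSIONS for p in info["permissions"])
    dangling = sorted(h for h, s in status.items() if s != "live")
    if dangling and mail_access:
        verdict = "CRITICAL"   # claimable host + mail access: takeover gives mailbox reach
    elif dangling:
        verdict = "WARNING"    # claimable host, but no mail permission requested
    elif mail_access:
        verdict = "REVIEW"     # hosts live; re-screen whenever their content changes
    else:
        verdict = "OK"
    return {"verdict": verdict, "hosts": hosts, "status": status,
            "permissions": info["permissions"], "dangling": dangling}


if __name__ == "__main__":
    # Offline demo with a constructed probe; pass probe=default_probe for live checks.
    print(audit(SAMPLE_MANIFEST, probe=lambda host: "unclaimed"))
```

A marketplace or tenant admin would run `audit` on every installed manifest on a schedule; a verdict that changes from REVIEW to CRITICAL between runs is exactly the "hosted content changed or disappeared" signal the mitigations above call for.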
WHY IT MATTERS
The finding shows that marketplaces hosting add-ins with remote dependencies can be abused when hosting domains change hands. Continued monitoring of live add-in content would reduce the specific supply-chain risk exposed by this incident.