Hackers Hijack Outlook Add-In to Steal Thousands of Microsoft Credentials
A trusted marketplace listing turned into a live phishing operation after attackers seized control of an abandoned project.

Security researchers have revealed that the AgreeTo extension for Microsoft Outlook was silently converted into a credential-harvesting platform.
The add-in originally launched as a legitimate scheduling assistant in 2022. However, its developer later abandoned the infrastructure that hosted the application. Because Office add-ins load content directly from external servers, control of that URL effectively means control of the product.
A threat actor claimed the orphaned address and replaced the service with a phishing kit.
How the Takeover Worked
Researchers at Koi Security discovered that attackers deployed:
- A fake Microsoft sign-in page
- A password harvesting interface
- Automated data exfiltration
- A redirect to the real login portal
Victims who opened the add-in inside Outlook saw what looked like a routine authentication prompt in the sidebar. After entering credentials, they were forwarded to the legitimate page, which reduced suspicion.
Thousands of Accounts Compromised
During their investigation, Koi accessed the attacker’s collection channel. They found more than 4,000 stolen Microsoft credentials.
The database also contained credit card information and answers to banking security questions. Researchers observed the operator actively validating accounts in real time.
The stolen data traveled through a Telegram bot API, allowing attackers to receive submissions instantly.
Why Store Approval Didn’t Stop It
When developers submit Office add-ins, Microsoft reviews and signs the manifest. After approval, however, the platform does not continuously verify hosted content.
Because AgreeTo had already passed validation, Outlook continued to trust whatever the external server delivered. Once attackers gained control of that server, they inherited the trust relationship.
The add-in still retained ReadWriteItem permissions, which theoretically allowed reading or modifying emails. Investigators did not confirm abuse of that capability.
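The trust relationship described above is encoded in the add-in's manifest: the `SourceLocation` URL names the server Outlook loads the task pane from, and the `Permissions` element states what the pane may do with mail items. The following audit script is an added example, not code from the article or from the AgreeTo project; it parses a constructed sample manifest (the `example-addin.invalid` domains are placeholders) and reports which external hosts the add-in loads code from, which of them are not on an organisation's list of known hosts, and whether the requested permission is at or above `ReadWriteItem`. The manifest element names and permission levels are the real ones from the Office add-in XML schema; the host allowlist is an assumption of the example.

```python
"""Audit an Office add-in manifest: external hosts it loads from and the
mailbox permission it requests. Added example, not the article's own code.
"""
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

# Constructed sample manifest; all domain names are placeholders.
SAMPLE_MANIFEST = """<OfficeApp xmlns="http://schemas.microsoft.com/office/appforoffice/1.1"
           xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
           xsi:type="MailApp">
  <Id>00000000-0000-0000-0000-000000000000</Id>
  <Version>1.0.0.0</Version>
  <ProviderName>Example Vendor</ProviderName>
  <DefaultLocale>en-US</DefaultLocale>
  <DisplayName DefaultValue="Example Scheduler"/>
  <Description DefaultValue="Constructed sample manifest"/>
  <IconUrl DefaultValue="https://cdn.example-addin.invalid/icon.png"/>
  <AppDomains>
    <AppDomain>https://app.example-addin.invalid</AppDomain>
  </AppDomains>
  <Hosts><Host Name="Mailbox"/></Hosts>
  <FormSettings>
    <Form xsi:type="ItemRead">
      <DesktopSettings>
        <SourceLocation DefaultValue="https://app.example-addin.invalid/taskpane.html"/>
        <RequestedHeight>250</RequestedHeight>
      </DesktopSettings>
    </Form>
  </FormSettings>
  <Permissions>ReadWriteItem</Permissions>
  <Rule xsi:type="RuleCollection" Mode="Or">
    <Rule xsi:type="ItemIs" ItemType="Message" FormType="Read"/>
  </Rule>
</OfficeApp>
"""

NS = {"o": "http://schemas.microsoft.com/office/appforoffice/1.1"}

# Mailbox permission levels, least to most privileged.
PERMISSION_RANK = {"Restricted": 0, "ReadItem": 1, "ReadWriteItem": 2, "ReadWriteMailbox": 3}


def external_hosts(manifest_xml: str) -> dict:
    """Return {host: [manifest elements referencing it]} for every URL in the manifest."""
    root = ET.fromstring(manifest_xml)
    refs = {}
    for elem in root.iter():
        tag = elem.tag.split("}")[-1]  # strip the namespace prefix
        # URLs live in DefaultValue attributes, except AppDomain which uses element text.
        candidates = [elem.get("DefaultValue"), elem.text if tag == "AppDomain" else None]
        for value in candidates:
            if value and value.startswith("http"):
                refs.setdefault(urlparse(value).hostname, []).append(tag)
    return refs


def requested_permission(manifest_xml: str) -> str:
    """Return the Permissions value, defaulting to the least privileged level."""
    node = ET.fromstring(manifest_xml).find("o:Permissions", NS)
    return node.text.strip() if node is not None and node.text else "Restricted"


def audit(manifest_xml: str, known_hosts: set) -> dict:
    """Summarise the trust an installed add-in implies for a reviewer."""
    hosts = external_hosts(manifest_xml)
    perm = requested_permission(manifest_xml)
    return {
        "permission": perm,
        "high_privilege": PERMISSION_RANK.get(perm, 0) >= PERMISSION_RANK["ReadWriteItem"],
        # Hosts named in SourceLocation serve the pane itself: whoever controls
        # them controls what the user sees inside Outlook.
        "code_hosts": sorted(h for h, tags in hosts.items() if "SourceLocation" in tags),
        "unknown_hosts": sorted(h for h in hosts if h not in known_hosts),
        "hosts": hosts,
    }


if __name__ == "__main__":
    # Assumed allowlist: only the CDN host has been reviewed before.
    report = audit(SAMPLE_MANIFEST, known_hosts={"cdn.example-addin.invalid"})
    for key, value in report.items():
        print(f"{key}: {value}")
```

Running the script against the sample flags `app.example-addin.invalid` as both a code-serving host and one not on the allowlist, and marks the add-in high-privilege because it requests `ReadWriteItem`. In practice the same parser can be run over every manifest deployed in a tenant to produce an inventory of the external hosts that Outlook is trusting, so that a lapsed or re-registered domain is something a reviewer can notice rather than something only the attacker knows.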
A New Supply Chain Milestone
Malicious extensions have circulated before, but they usually spread through spam, ads, or direct downloads. This case stands out because the phishing kit operated from the official marketplace.
According to Koi, this may represent the first confirmed example of an Outlook add-in weaponized in this manner.
What Users Should Do Now
Microsoft has removed the listing. However, users who previously installed the add-in should delete it immediately.
They should also:
- Reset passwords
- Invalidate active sessions
- Review account activity
- Enable stronger authentication controls
The Bigger Security Lesson
Cloud ecosystems increasingly rely on distributed trust. When validation occurs only once, abandoned projects can become ideal takeover targets.
Attackers do not always need exploits. Sometimes they only need ownership of forgotten infrastructure.