Microsoft Outlook Add-In Hijacked in "Zombie" Phishing Attack, Stealing Credentials and Payment Data
Security researchers at Koi AI have uncovered a novel phishing campaign exploiting a dormant Microsoft Outlook add-in, dubbed "AgreeTo", to steal Microsoft account logins, passwords, credit card details, and bank security answers from thousands of users.
Originally released in 2022 as a legitimate meeting scheduler, AgreeTo was abandoned by its developer, allowing its hosting domain (outlook-one.vercel.app) to expire. Since Office add-ins function as web pages loaded in an iframe within Outlook rather than as static downloads, attackers who seized control of the abandoned subdomain instantly gained control of the add-in's interface without requiring any reapproval from Microsoft.
The add-in’s 2022 manifest file, which passed Microsoft’s initial security review, granted it “ReadWriteItem” permissions, enabling it to read and modify emails. Once hijacked, the attackers replaced the original scheduler with a fake Microsoft login page, tricking users into entering credentials. A malicious script then harvested emails, passwords, IP addresses, credit card numbers, and security question answers, exfiltrating the data to a Telegram bot controlled by the attackers.
Koi AI infiltrated the bot’s channel, recovering evidence of over 4,000 victims, with attackers actively testing stolen credentials at the time of discovery. While Microsoft removed the add-in from its store, phishing sites remained active, and no CVE has been assigned. The incident highlights a critical flaw in Microsoft’s add-in security model: once approved, add-ins are never rechecked, even if their underlying web content changes.
Unlike traditional malware, this "zombie" attack leverages dynamic dependencies: add-ins that update silently without user or vendor oversight. While the attackers in this case focused on phishing, the same technique could have enabled email spoofing, inbox surveillance, or further lateral movement within compromised accounts.
The attack underscores broader supply chain risks in modern applications, where third-party dependencies can become vectors for exploitation long after initial deployment. Microsoft has not yet announced mitigations, but potential fixes could include runtime URL validation, periodic manifest re-reviews, or sandboxing to limit add-in privileges.
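An added example (not code from Koi AI, Microsoft or the AgreeTo project) of the kind of periodic manifest re-review the paragraph above suggests: it walks an Outlook add-in manifest, lists the hosts the add-in loads its web content from, flags hosts on platform subdomains that anyone can re-register or that no longer resolve, and notes when the declared permission level would let a hijacked page read and modify mail. The sample manifest (with placeholder Id and path), the suffix list and the injectable DNS check are assumptions for this example.

```python
import socket
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

NS = "{http://schemas.microsoft.com/office/appforoffice/1.1}"
# Assumed list of hosting platforms where an abandoned project name can be re-registered.
CLAIMABLE_SUFFIXES = (".vercel.app", ".netlify.app", ".github.io", ".azurewebsites.net")

# Constructed sample manifest modelled on the XML add-in schema; Id and path are placeholders.
SAMPLE_MANIFEST = """<OfficeApp xmlns="http://schemas.microsoft.com/office/appforoffice/1.1"
  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="MailApp">
  <Id>00000000-0000-0000-0000-000000000000</Id><Version>1.0.0.0</Version>
  <DisplayName DefaultValue="AgreeTo"/><Hosts><Host Name="Mailbox"/></Hosts>
  <FormSettings><Form xsi:type="ItemRead"><DesktopSettings>
    <SourceLocation DefaultValue="https://outlook-one.vercel.app/index.html"/>
  </DesktopSettings></Form></FormSettings>
  <Permissions>ReadWriteItem</Permissions></OfficeApp>"""

def extract_hosts(manifest_xml):
    """Every https host the manifest lets Outlook load add-in content from."""
    hosts = set()
    for el in ET.fromstring(manifest_xml).iter():
        for value in list(el.attrib.values()) + [el.text or ""]:
            if value.strip().startswith("https://"):
                hosts.add(urlparse(value.strip()).hostname)
    return hosts

def permission_level(manifest_xml):
    perm = ET.fromstring(manifest_xml).find(NS + "Permissions")
    return (perm.text or "").strip() if perm is not None else "Restricted"

def dns_resolves(host):
    try:
        return bool(socket.gethostbyname(host))
    except socket.gaierror:
        return False

def audit_manifest(manifest_xml, resolves=lambda host: True):
    """Findings to review before keeping the add-in deployed; pass resolves=dns_resolves for live DNS."""
    findings = []
    for host in sorted(extract_hosts(manifest_xml)):
        if host.endswith(CLAIMABLE_SUFFIXES):
            findings.append(f"{host}: hosted on a re-claimable platform subdomain")
        if not resolves(host):
            findings.append(f"{host}: host no longer resolves (dangling)")
    level = permission_level(manifest_xml)
    if findings and level in ("ReadWriteItem", "ReadWriteMailbox"):
        findings.append(f"{level}: a hijacked page can read and modify mail items")
    return findings
```

Run it over every manifest your tenant has approved; a host on a re-claimable platform combined with ReadWriteItem is exactly the AgreeTo shape.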
Microsoft Security cybersecurity rating report: https://www.rankiteo.com/company/microsoft-security
"id": "MIC1770908198",
"linkid": "microsoft-security",
"type": "Cyber Attack",
"date": "1/2022",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"
{'affected_entities': [{'customers_affected': 'Over 4,000 victims',
                        'location': 'Global',
                        'name': "Microsoft Outlook users with 'AgreeTo' add-in",
                        'type': 'End users'}],
 'attack_vector': 'Compromised third-party add-in (supply chain attack)',
 'data_breach': {'data_exfiltration': 'Yes (exfiltrated to Telegram bot)',
                 'number_of_records_exposed': 'Over 4,000',
                 'personally_identifiable_information': 'Yes (credentials, security answers, IP addresses)',
                 'sensitivity_of_data': 'High (financial and authentication data)',
                 'type_of_data_compromised': ['Credentials',
                                              'Payment information',
                                              'Personally identifiable information (PII)',
                                              'Emails',
                                              'IP addresses']},
 'date_detected': '2024',
 'description': "Security researchers at Koi AI uncovered a phishing campaign exploiting a dormant Microsoft Outlook add-in, 'AgreeTo', to steal Microsoft account logins, passwords, credit card details, and bank security answers. The abandoned add-in's domain was hijacked, allowing attackers to replace its interface with a fake Microsoft login page, harvesting sensitive data and exfiltrating it to a Telegram bot.",
 'impact': {'brand_reputation_impact': 'Potential reputational damage to Microsoft due to add-in security flaws',
            'data_compromised': 'Microsoft account logins, passwords, credit card details, bank security answers, emails, IP addresses',
            'identity_theft_risk': 'High (stolen credentials and PII)',
            'operational_impact': 'Potential unauthorized access to emails, lateral movement within compromised accounts',
            'payment_information_risk': 'High (credit card and bank security answers stolen)',
            'systems_affected': "Microsoft Outlook with 'AgreeTo' add-in installed"},
 'initial_access_broker': {'entry_point': 'Abandoned Outlook add-in domain takeover'},
 'investigation_status': 'Ongoing (phishing sites remained active at time of disclosure)',
 'lessons_learned': 'Critical flaw in Microsoft’s add-in security model: once approved, add-ins are never rechecked, even if their underlying web content changes. Highlights supply chain risks in third-party dependencies.',
 'motivation': 'Financial gain (credential theft, payment data exfiltration)',
 'post_incident_analysis': {'root_causes': ['Lack of runtime validation for add-in URLs',
                                            'No re-review of approved add-ins after domain changes',
                                            'Supply chain risk from third-party dependencies']},
 'recommendations': ['Runtime URL validation for add-ins',
                     'Periodic manifest re-reviews',
                     'Sandboxing to limit add-in privileges'],
 'references': [{'source': 'Koi AI'}],
 'response': {'containment_measures': 'Microsoft removed the add-in from its store',
              'third_party_assistance': 'Koi AI (security researchers)'},
 'title': "Microsoft Outlook Add-In Hijacked in 'Zombie' Phishing Attack, Stealing Credentials and Payment Data",
 'type': 'Phishing',
 'vulnerability_exploited': 'Abandoned domain takeover, lack of runtime URL validation in Microsoft add-ins'}