A threat actor hijacked AgreeTo, an abandoned Outlook scheduling add-in with a 4.71-star rating, exploiting its orphaned Vercel subdomain to deploy a sophisticated phishing kit that compromised over 4,000 Microsoft accounts. The attack exposed a critical flaw in Microsoft's review process—the company examines manifest files during initial approval but never verifies the actual code loaded from developer-controlled servers afterward. Stolen credentials, credit card details, and banking information flowed directly to the attacker's Telegram channel as unsuspecting users continued downloading the malicious tool, and the full scope of this first-documented Office add-in exploit reveals deeper vulnerabilities in trusted software distribution.
When a developer abandons a legitimate app, it doesn't just fade into obscurity—sometimes it becomes a weapon. That's exactly what happened with AgreeTo, a once-innocent Outlook scheduling add-in that morphed into a credential-harvesting machine after a threat actor hijacked its orphaned infrastructure.
The attack mechanism was disturbingly elegant. AgreeTo originally lived on the Vercel subdomain outlook-one.vercel.app, and when its creator moved on, that URL became unclaimed digital real estate. An attacker simply grabbed it, deployed a convincing phishing kit complete with a fake Microsoft login page, and waited. Since the add-in remained listed in the Microsoft Store with its respectable 4.71-star rating intact, unsuspecting users continued downloading it. The malicious content loaded directly into Outlook's sidebar via iframe—no re-approval needed, no warning flags raised.
Over 4,000 Microsoft account credentials vanished into the attacker's Telegram channel, alongside credit card numbers, CVVs, PINs, and banking security answers for Interac e-Transfer. IP addresses came bundled with each stolen credential set, creating a thorough identity theft toolkit. Koi Security researchers who uncovered this "zombie add-in" attack infiltrated the attacker's Telegram bot and discovered active credential testing operations, confirming the stolen data wasn't just collected—it was being weaponised.
The permissions granted back in 2022 during AgreeTo's legitimate phase included ReadWriteItem access, theoretically allowing email modification across entire mailboxes. Although researchers found no evidence of email siphoning in this particular campaign, the potential existed for far worse exploitation. Think about that: a tool you installed to schedule meetings could've been reading your confidential communications.
Microsoft's review process revealed a critical blind spot. The company examines the manifest XML file during initial approval—checking the URL, name, description, and permissions—but no actual add-in code is uploaded for assessment. Add-ins load live content from developer-controlled servers, so what gets approved isn't necessarily what gets delivered. Once signed off, there's no ongoing verification of the hosted content, and orphaned add-ins can linger indefinitely without any re-check. The add-in had been available since December 2022, giving it nearly two years to build legitimacy before its hijacking.
This marks the first documented case of a malicious Office add-in discovered in the wild, according to security researchers. The operator behind this supply chain attack runs at least twelve additional phishing operations targeting ISPs, banks, and webmail providers—a professional, multi-brand setup that suggests this wasn't amateur hour. Microsoft advised implementing runtime URL checks to prevent similar exploitation in the future.
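The gap described above, that the manifest is all Microsoft reviews while the code itself is fetched live from whatever host the manifest names, is something an administrator can audit for on their own tenant. The script below is an added example, not tooling from Koi Security, Microsoft, or the AgreeTo project: it parses an Office add-in manifest in the OfficeApp 1.1 schema, lists every host the add-in will load content from (SourceLocation, icons, resource URLs, AppDomain entries) together with the permissions it requests, and flags hosts on platforms where an abandoned subdomain can be re-registered by anyone. The platform suffix list and the optional `is_claimed` callback (which you would back with your own DNS or HTTP check) are assumptions; the sample manifest is constructed and only reuses the `outlook-one.vercel.app` host named in the article. It generalizes beyond this one add-in to any manifest you export from the admin center.

```python
"""Audit an Office add-in manifest for hosts that could be hijacked.

Added example (not Koi Security's or Microsoft's tooling). Microsoft reviews
this XML at submission time; the code is fetched live from the hosts it names,
so a dangling host is a takeover point. The platform list and the `is_claimed`
callback are illustrative assumptions.
"""
from __future__ import annotations

from typing import Callable, Optional
from urllib.parse import urlsplit
import xml.etree.ElementTree as ET

# Assumption: platforms whose subdomains can be re-registered once abandoned.
# Extend this for the hosting providers seen in your own environment.
REASSIGNABLE_SUFFIXES = (".vercel.app", ".netlify.app", ".github.io", ".herokuapp.com")

# Constructed sample manifest modelled on the structure of an Outlook add-in
# manifest (OfficeApp 1.1 schema). Values other than the host are placeholders.
SAMPLE_MANIFEST = """<OfficeApp xmlns="http://schemas.microsoft.com/office/appforoffice/1.1"
           xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
           xsi:type="MailApp">
  <Id>00000000-0000-0000-0000-000000000000</Id>
  <Version>1.0.0.0</Version>
  <ProviderName>Example Publisher (constructed)</ProviderName>
  <DefaultLocale>en-US</DefaultLocale>
  <DisplayName DefaultValue="Scheduling Add-in (constructed)"/>
  <Description DefaultValue="Schedule meetings from your inbox."/>
  <IconUrl DefaultValue="https://outlook-one.vercel.app/icon-64.png"/>
  <AppDomains>
    <AppDomain>https://login.example.test</AppDomain>
  </AppDomains>
  <Hosts><Host Name="Mailbox"/></Hosts>
  <Requirements><Sets><Set Name="Mailbox" MinVersion="1.1"/></Sets></Requirements>
  <FormSettings>
    <Form xsi:type="ItemRead">
      <DesktopSettings>
        <SourceLocation DefaultValue="https://outlook-one.vercel.app/index.html"/>
        <RequestedHeight>250</RequestedHeight>
      </DesktopSettings>
    </Form>
  </FormSettings>
  <Permissions>ReadWriteItem</Permissions>
  <Rule xsi:type="RuleCollection" Mode="Or">
    <Rule xsi:type="ItemIs" ItemType="Message" FormType="Read"/>
  </Rule>
</OfficeApp>
"""


def _local(tag: str) -> str:
    """Strip the XML namespace prefix ('{uri}Name' -> 'Name')."""
    return tag.rsplit("}", 1)[-1]


def extract_hosts(manifest_xml: str) -> set[str]:
    """Every host Office will contact on behalf of this add-in.

    Any element carrying a URL in DefaultValue counts (SourceLocation, IconUrl,
    bt:Url resources in VersionOverrides), plus explicit AppDomain entries.
    """
    root = ET.fromstring(manifest_xml)
    urls = []
    for el in root.iter():
        value = el.get("DefaultValue", "")
        if value.startswith(("http://", "https://")):
            urls.append(value)
        if _local(el.tag) == "AppDomain" and el.text:
            urls.append(el.text.strip())
    hosts = {urlsplit(u).hostname for u in urls}
    hosts.discard(None)
    return hosts


def extract_permissions(manifest_xml: str) -> set[str]:
    """Permission levels requested (e.g. ReadWriteItem, ReadWriteMailbox)."""
    root = ET.fromstring(manifest_xml)
    return {el.text.strip() for el in root.iter()
            if _local(el.tag) == "Permissions" and el.text}


def audit_manifest(manifest_xml: str,
                   is_claimed: Optional[Callable[[str], bool]] = None) -> dict:
    """Return hosts, permissions and (host, reason) findings for review.

    `is_claimed(host)` is an assumed hook: plug in a DNS/HTTP probe that
    returns False when the host no longer resolves or is unclaimed.
    """
    findings = []
    for host in sorted(extract_hosts(manifest_xml)):
        if host.endswith(REASSIGNABLE_SUFFIXES):
            findings.append((host, "reassignable-platform"))
        if is_claimed is not None and not is_claimed(host):
            findings.append((host, "unclaimed"))
    return {"hosts": sorted(extract_hosts(manifest_xml)),
            "permissions": sorted(extract_permissions(manifest_xml)),
            "findings": findings}


if __name__ == "__main__":
    # Constructed stand-in for a real probe: pretend the Vercel host is dangling.
    report = audit_manifest(SAMPLE_MANIFEST,
                            is_claimed=lambda h: h != "outlook-one.vercel.app")
    for key, value in report.items():
        print(f"{key}: {value}")
```

A manifest whose only finding is "reassignable-platform" is not necessarily malicious, but one that also has "unclaimed" is the exact precondition the AgreeTo hijack relied on, and a ReadWriteItem or higher permission on such an add-in is the signal to disable it tenant-wide first and investigate second.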
Microsoft removed AgreeTo from the Store following notification, but the phishing infrastructure persisted beyond the takedown. The incident exposes an uncomfortable truth about modern software distribution: trust granted once can be exploited indefinitely. Your inbox's security depends not just on what you install today, but whether that software stays in responsible hands tomorrow. That abandoned app with the stellar rating? It might be watching.
Final Thoughts
This breach highlights a troubling reality: even official app stores aren't immune to exploitation. Microsoft has since removed the malicious add-in and begun damage control, but the incident exposes how trust in verified platforms can backfire spectacularly. This Microsoft Store Outlook add-in attack compromised thousands of accounts by exploiting users' trust in legitimate platforms.
Fix It Home Computer repairs specializes in securing Microsoft accounts and applications against such threats. Our experts can audit your installed add-ins, implement robust multi-factor authentication, and strengthen your overall cybersecurity posture to prevent similar breaches from affecting your business or personal accounts.
Don't wait until your accounts are compromised. Click on our contact us page today to schedule a comprehensive security assessment and protect yourself from the next wave of sophisticated cyber attacks targeting trusted platforms.
