{"id":10603,"date":"2026-02-12T10:03:52","date_gmt":"2026-02-12T10:03:52","guid":{"rendered":"https:\/\/serisec.com\/index.php\/2026\/02\/12\/microsoft-outlook-add-in-stolen-4000-microsoft-account-credentials-and-credit-card-numbers\/"},"modified":"2026-02-12T10:03:52","modified_gmt":"2026-02-12T10:03:52","slug":"microsoft-outlook-add-in-stolen-4000-microsoft-account-credentials-and-credit-card-numbers","status":"publish","type":"post","link":"https:\/\/serisec.com\/index.php\/2026\/02\/12\/microsoft-outlook-add-in-stolen-4000-microsoft-account-credentials-and-credit-card-numbers\/","title":{"rendered":"Microsoft Outlook Add-in Stolen 4,000 Microsoft account Credentials and Credit Card Numbers"},"content":{"rendered":"<p>    Microsoft Outlook Add-in Stolen 4,000 Microsoft account Credentials and Credit Card Numbers<br \/>\n \t<BR><br \/>\n<BR><\/BR><br \/>\n    <!-- no image --><br \/>\n \t<BR><br \/>\n<BR><\/BR><\/p>\n<div>\n<p>Security researchers have identified the first documented instance of a malicious Microsoft Outlook add-in being used against users in real-world scenarios.<\/p>\n<p>A compromised meeting scheduler named\u00a0AgreeTo\u00a0was used to steal over 4,000 <a href=\"https:\/\/cybersecuritynews.com\/tykit-phishing-kit\/\" target=\"_blank\" rel=\"noreferrer noopener\">Microsoft account credentials<\/a>, credit card numbers, and answers to banking security questions.<\/p>\n<p>AgreeTo began as a legitimate open-source project published to the <a href=\"https:\/\/cybersecuritynews.com\/outlook-add-ins-weaponized\/\" target=\"_blank\" rel=\"noreferrer noopener\">Microsoft Office Add-in Store<\/a> in December 2022.<\/p>\n<figure class=\"wp-block-image size-large\"><img data-recalc-dims=\"1\" decoding=\"async\" src=\"https:\/\/i0.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEh_nSyqz76AZQQ4OeTb0CsgzxQPAOA6nAoZdqs5GUviG4eEDgqRKPjzwufH1ZywEAsei0QIe7PdbagfhJqzJCWWE0V8VUPXlxoVTEA5ZqEkwV_zF9wKOtW8yrmld7PjGibaDn-0odtmtzfxwwej_ZMs5sfc-mLG3SAJuwnXTpOTKZSbtFDbRmbWZqPriQo\/s1600\/Screenshot%25202026-02-12%2520120942%2520%25281%2529.webp?ssl=1\" alt=\"Koidex report for AgreeTo add-in (Source: Koi AI)\"><figcaption class=\"wp-element-caption\"><em>Koidex report for AgreeTo add-in (Source: Koi AI)<\/em><\/figcaption><\/figure>\n<p>It was a functional meeting tool with positive reviews. However, the developer eventually abandoned the project and deleted the associated Vercel deployment.<\/p>\n<p>This left the add-in\u2019s hosting URL (outlook-one.vercel.app) orphaned and available for registration.\u200b An attacker claimed the available URL and deployed a phishing kit.<\/p>\n<figure class=\"wp-block-image size-large\"><img data-recalc-dims=\"1\" decoding=\"async\" src=\"https:\/\/i0.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEj6UlcF2rDcMEXd9DbQHsxpkKqzzLXNWU6qpksCuM-OCwIRNGcIUfl6Jo5QjXjSBwF227o4-kNYxoDkhyphenhyphen17w7AXhKKMi4v-T8hAf99Ix5hg5Fv4M3tXrq-kN6Kfijs7o8bnhDinpaW4qHfffeAzXpLrrkk4VRgT9PrTqMAoJBNHud_xWsdH7J7ArCykETo\/s1600\/Screenshot%25202026-02-12%2520120756%2520%25281%2529.webp?ssl=1\" alt=\"AgreeTo page on Office Add-ins marketplace(Source: Koi AI)\"><figcaption class=\"wp-element-caption\">AgreeTo page on the Office Add-ins marketplace <em>(Source: Koi AI)<\/em><\/figcaption><\/figure>\n<p>Because the add-in was never removed from Microsoft\u2019s store, the <a href=\"https:\/\/cybersecuritynews.com\/threat-actors-attacking-ics-computers\/\" target=\"_blank\" rel=\"noreferrer noopener\">attacker\u2019s phishing page<\/a> was served directly in the trusted Outlook sidebar to anyone who still had the add-in installed or had downloaded it fresh.\u200b<\/p>\n<h2 class=\"wp-block-heading\" id=\"h-the-technical-flaw-remote-dynamic-dependencies\"><strong>The Technical Flaw: Remote Dynamic Dependencies<\/strong><\/h2>\n<p>The attack exploited the architecture of Office add-ins. Unlike traditional installed software, add-ins are \u201cremote dynamic dependencies,\u201d essentially XML manifests that load a URL in an iframe.\u200b<\/p>\n<figure class=\"wp-block-table is-style-stripes\">\n<table class=\"has-fixed-layout\">\n<thead>\n<tr>\n<th><strong>Stage<\/strong><\/th>\n<th><strong>Description<\/strong><\/th>\n<\/tr>\n<\/thead>\n<tbody>\n<tr>\n<td><strong>The Gap<\/strong><\/td>\n<td>Microsoft reviews the manifest only during the initial submission (2022 in this case).<\/td>\n<\/tr>\n<tr>\n<td><strong>The Exploit<\/strong><\/td>\n<td>Microsoft does not continuously verify the live content hosted at the approved URL.<\/td>\n<\/tr>\n<tr>\n<td><strong>The Result<\/strong><\/td>\n<td>The attacker swapped the scheduling tool with a fake Microsoft login page without triggering a new security review.<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/figure>\n<p>When victims opened AgreeTo, they were prompted to log in. A script harvested their credentials and IP addresses, sending the data to the attacker <a href=\"https:\/\/cybersecuritynews.com\/hackers-use-google-forms-and-telegram-bots-to-collect-phished-credentials\/\" target=\"_blank\" rel=\"noreferrer noopener\">via a Telegram bot.<\/a><\/p>\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large\"><img data-recalc-dims=\"1\" decoding=\"async\" src=\"https:\/\/i0.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEhShl3HcwVx6K8U9s_VQ5UTDZScK33HGAfZmjnB6LvUOZEsnddjA9Eq9Hjbd1vbA9-JL1sR1_Vp2S94j5QoKCUju56JZNf5DQbOxGZVxutNNHOTrHHJHoMYvF2kVdlTdBwLyDDhApRxVArmV3a7TVkewbGUzd5zWN1nvQ0TebDUDFUk_JsWtBd0JtEZc9I\/s1600\/Screenshot%25202026-02-12%2520120850%2520%25281%2529.webp?ssl=1\" alt=\"Add-in Displays Fake Login(Source: Koi AI)\"><figcaption class=\"wp-element-caption\">Add-in Displays Fake Login <em>(Source: Koi AI)<\/em><\/figcaption><\/figure>\n<\/div>\n<p>\u200b<a href=\"https:\/\/www.koi.ai\/blog\/agreetosteal-the-first-malicious-outlook-add-in-leads-to-4-000-stolen-credentials\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">Koi Security discovered the campaign<\/a> after identifying the attacker\u2019s poorly secured exfiltration channel.<\/p>\n<p>They recovered the full dataset of 4,000 victims, which included banking details and security answers targeting Canadian institutions.<\/p>\n<p>The add-in had \u201cReadWriteItem\u201d permissions, which technically allowed the attacker to read and modify users\u2019 emails. However, the attack primarily focused on credential harvesting.\u200b<\/p>\n<p>Microsoft has removed the add-in following the report. This incident highlights a <span style=\"box-sizing: border-box; margin: 0px; padding: 0px;\">critical<a href=\"https:\/\/cybersecuritynews.com\/best-supply-chain-risk-management-solutions\/\" target=\"_blank\" rel=\"noopener\">\u00a0supply chain risk<\/a>: trusted software can silently become<\/span> malicious years after approval if its infrastructure is abandoned.<\/p>\n<p class=\"has-text-align-center has-background\" style=\"background:linear-gradient(180deg,rgb(238,238,238) 94%,rgb(169,184,195) 100%)\"><strong>Follow us on <a href=\"https:\/\/news.google.com\/publications\/CAAqMggKIixDQklTR3dnTWFoY0tGV041WW1WeWMyVmpkWEpwZEhsdVpYZHpMbU52YlNnQVAB?hl=en-IN&amp;gl=IN&amp;ceid=IN:en\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">Google News<\/a>, <a href=\"https:\/\/www.linkedin.com\/company\/cybersecurity-news\/\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">LinkedIn<\/a>, and <a href=\"https:\/\/x.com\/cyber_press_org\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">X<\/a> for daily cybersecurity updates. <a href=\"https:\/\/cybersecuritynews.com\/contact-us\/\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">Contact us<\/a> to feature your stories.<\/strong><\/p>\n<p>The post <a href=\"https:\/\/cybersecuritynews.com\/microsoft-outlook-add-in-stolen-credentials\/\">Microsoft Outlook Add-in Stolen 4,000 Microsoft account Credentials and Credit Card Numbers<\/a> appeared first on <a href=\"https:\/\/cybersecuritynews.com\/\">Cyber Security News<\/a>.<\/p>\n<\/div>\n<p> \t<BR><br \/>\n <BR><\/BR><br \/>\n    Abinaya<br \/>\n \t<BR><br \/>\n<BR><\/BR><br \/>\n<a href=\"https:\/\/cybersecuritynews.com\/microsoft-outlook-add-in-stolen-credentials\/\">Go to cyber-security-news<\/a><br \/>\n \t<BR><br \/>\n <BR><\/BR><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Microsoft Outlook Add-in Stolen 4,000 Microsoft account Credentials and Credit Card Numbers Security researchers have identified the first documented instance of a malicious Microsoft Outlook add-in being used against users in real-world scenarios. A compromised meeting scheduler named\u00a0AgreeTo\u00a0was used to steal over 4,000 Microsoft account credentials, credit card numbers, and answers to banking security questions. [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1636,129,63,158],"tags":[130],"class_list":["post-10603","post","type-post","status-publish","format-standard","hentry","category-cyber-attack-news","category-cyber-security","category-cyber-security-news","category-microsoft","tag-cyber-security-news"],"_links":{"self":[{"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/posts\/10603"}],"collection":[{"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/comments?post=10603"}],"version-history":[{"count":0,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/posts\/10603\/revisions"}],"wp:attachment":[{"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/media?parent=10603"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/categories?post=10603"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/tags?post=10603"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}