Feb 12, 2026
This Outlook Add-in Was Hijacked to Steal 4,000 Microsoft Account Passwords
A supply chain attack turned a legitimate Outlook scheduling tool into a credential harvesting operation after its developer abandoned it.
An Abandoned Add-in Turned Weapon
AgreeTo was a meeting scheduling add-in for Microsoft Outlook that had been listed on the official Microsoft Office Add-in Store since December 2022. It was a legitimate tool built by an independent developer. At some point, the developer stopped maintaining it and abandoned the project.
That's when an attacker stepped in. Because Office add-ins are essentially URLs that load content into Microsoft products from a developer's server, the attacker was able to claim the orphaned hosting URL on Vercel and deploy malicious code in its place. Every Outlook user who still had AgreeTo installed was now loading the attacker's content directly inside their email client.
How the Attack Worked
Once the attacker controlled the add-in's hosting URL, they deployed a fake Microsoft sign-in page that appeared in Outlook's sidebar. To users, it looked like a routine authentication prompt from Microsoft. In reality, it was a phishing page designed to steal credentials.
The stolen data was exfiltrated using the Telegram Bot API, giving the attacker instant access to harvested credentials. After submitting their password, victims were redirected to the legitimate Microsoft login page, so most never realized anything was wrong.
The add-in also retained ReadWriteItem permissions, which could have allowed the attacker to read and modify user emails. Researchers found no evidence that this capability was used, but the access was there.
4,000 Credentials Stolen, Including Banking Data
Supply chain security firm Koi Security discovered the compromise on February 11, 2026, and accessed the attacker's exfiltration channel. What they found was alarming: over 4,000 Microsoft account credentials had been stolen, along with credit card numbers and banking security answers.
Worse, the researchers observed the attacker actively testing stolen credentials during their investigation, suggesting the operation was still in use when it was discovered. Microsoft removed the add-in from the store the same day Koi Security reported it.
Why This Attack Pattern Is Dangerous
This isn't the first time attackers have hijacked abandoned software infrastructure, and it won't be the last. The technique is effective for several reasons:
- Trust inheritance. The add-in had been approved by Microsoft's review process and listed in the official store since 2022. Users had no reason to distrust it.
- Invisible to victims. The phishing page loaded inside Outlook's sidebar, not in a separate browser window. There was no URL bar to inspect and no obvious warning signs.
- No reinstallation needed. Users who installed the add-in years ago didn't need to do anything for the attack to work. The malicious content loaded automatically through the existing installation.
- Platform blind spot. Microsoft's add-in store doesn't appear to monitor what happens to an add-in's hosting infrastructure after initial approval.
What You Should Do
If you've ever installed AgreeTo in Outlook, remove it immediately and change your Microsoft account password. Check your account for any unfamiliar activity, paying close attention to email forwarding rules that attackers often set up to maintain access after a password reset.
Beyond this specific incident, it's worth auditing all the add-ins installed in your Outlook client. Any add-in from a developer who is no longer maintaining it represents a potential future attack vector. Enterprises should consider restricting add-in installation to IT-approved tools only and monitoring for orphaned extensions across their organizations.
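As an added example (not code from the article, from AgreeTo, or from Microsoft), the following Python audit reads an exported Office add-in manifest, lists every host Outlook will load content from, flags hosts on platforms where a deleted project name can be re-registered (the orphaned-URL pattern described above), and reports whether the add-in holds a permission that lets it read or modify mail. The sample manifest, its placeholder GUID, and the list of re-claimable hosting suffixes are constructed assumptions.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

# Schema URIs are the real Office add-in manifest namespaces.
NS = {"o": "http://schemas.microsoft.com/office/appforoffice/1.1",
      "bt": "http://schemas.microsoft.com/office/officeappbasictypes/1.0"}
# Assumption: hosting suffixes where a deleted project name can be re-registered
# by anyone, so a host here is an orphan-takeover risk, not proof of compromise.
RECLAIMABLE_SUFFIXES = (".vercel.app", ".netlify.app", ".herokuapp.com")
# Outlook permission levels that let an add-in read or modify mail content.
MAIL_ACCESS_PERMISSIONS = {"ReadWriteItem", "ReadWriteMailbox"}

# Constructed sample manifest (not AgreeTo's); the GUID is a placeholder.
SAMPLE_MANIFEST = """<OfficeApp xmlns="http://schemas.microsoft.com/office/appforoffice/1.1"
  xmlns:bt="http://schemas.microsoft.com/office/officeappbasictypes/1.0"
  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="MailApp">
  <Id>00000000-0000-0000-0000-000000000000</Id>
  <DisplayName DefaultValue="Example Scheduler"/>
  <AppDomains><AppDomain>https://example-scheduler.vercel.app</AppDomain></AppDomains>
  <DefaultSettings>
    <SourceLocation DefaultValue="https://example-scheduler.vercel.app/taskpane.html"/>
  </DefaultSettings>
  <Permissions>ReadWriteItem</Permissions>
</OfficeApp>"""

def extract_hosts(manifest_xml):
    """Every host the manifest tells Outlook to load content from."""
    root = ET.fromstring(manifest_xml)
    urls = [e.get("DefaultValue") for e in root.iter(f"{{{NS['o']}}}SourceLocation")]
    urls += [e.text for e in root.iter(f"{{{NS['o']}}}AppDomain")]
    urls += [e.get("DefaultValue") for e in root.iter(f"{{{NS['bt']}}}Url")]
    return sorted({urlparse(u).hostname for u in urls if u})

def audit_manifest(manifest_xml):
    """Flag re-claimable hosts and report how much mail access the add-in holds."""
    root = ET.fromstring(manifest_xml)
    perm_el = root.find("o:Permissions", NS)
    perm = perm_el.text.strip() if perm_el is not None and perm_el.text else "Restricted"
    hosts = extract_hosts(manifest_xml)
    return {"hosts": hosts,
            "reclaimable_hosts": [h for h in hosts if h.endswith(RECLAIMABLE_SUFFIXES)],
            "permission": perm,
            "mail_access": perm in MAIL_ACCESS_PERMISSIONS}

if __name__ == "__main__":
    for key, value in audit_manifest(SAMPLE_MANIFEST).items():
        print(f"{key}: {value}")
```

Run it over the manifest exported for each installed add-in; a host that sits on a re-claimable platform, or that no longer resolves at all, combined with a mail-access permission is the combination that made this incident possible and is the signal to remove the add-in.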
A Growing Supply Chain Problem
The AgreeTo hijacking follows a pattern seen across browser extensions, npm packages, and now Office add-ins: attackers target abandoned software with existing install bases rather than building their own distribution from scratch. It's cheaper, faster, and comes with built-in trust.
Until platform operators like Microsoft implement ongoing monitoring of add-in infrastructure, not just one-time approval, users are on their own when it comes to verifying that the tools in their inbox are still safe.