
Security Alert: “AgreeTo” Outlook Add-In Hijacked to Steal 4,000+ Passwords


Cybersecurity researchers have uncovered the first known malicious Microsoft Outlook add-in discovered in the wild, a finding experts say marks a significant expansion of supply-chain attack vectors aimed at email users. The phishing campaign, tracked as AgreeToSteal, exploited an abandoned calendar-scheduling add-in to steal credentials from more than 4,000 Microsoft accounts.

The Outlook add-in in question, called AgreeTo, was initially a legitimate productivity tool that helped users consolidate calendar information and share availability. It was published to the Microsoft Office Add-ins Store in late 2022 and quietly remained available even after development ceased and the original developer’s domain expired.

When a victim opens the AgreeTo add-in inside Outlook, they are not presented with the promised meeting scheduler. Instead, the add-in displays what appears to be a legitimate Microsoft sign-in page.

After the user enters their email address and password, a simple JavaScript function quietly captures those credentials, along with the victim’s IP address, and transmits the data directly to the attacker through Telegram’s Bot API. The attack needs no command-and-control servers or complex infrastructure, only a straightforward fetch() request.

A loading spinner then appears briefly before the user is seamlessly redirected to the genuine Microsoft login page, leading the victim to assume they simply needed to authenticate again. Unaware that their credentials have already been harvested, they continue using Outlook as normal. While the phishing mechanism itself is technically unsophisticated, its effectiveness lies in its delivery: the fake login runs inside Outlook, is distributed through Microsoft’s own add-in platform, and appears behind a trusted permission prompt, giving it a high degree of credibility.
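The pattern described above (a password form served from a non-Microsoft host, an exfiltration call to Telegram’s Bot API, then a hand-off to the real Microsoft login) is simple enough to look for statically in the page an add-in actually serves. The scanner below is an added example for a defender’s review pipeline, not Koi Security’s tooling or the add-in’s code; the indicator patterns, the `.test` hostnames and the two sample pages are all constructed for this illustration.

```python
"""Static indicator scan of the HTML an Outlook add-in's SourceLocation serves.

Heuristic only: it flags the credential-harvest shape described in the article
(password prompt + cheap exfil channel + redirect to the genuine login page).
The indicator set and sample pages are constructed assumptions, not a published rule set.
"""
import re
from urllib.parse import urlparse

# Each indicator is a regex over the raw page text (HTML and inline script alike).
INDICATORS = {
    "password_field": re.compile(r"<input[^>]*type=[\"']?password", re.I),
    "telegram_bot_api": re.compile(r"api\.telegram\.org/bot", re.I),
    "fetch_call": re.compile(r"\bfetch\s*\(", re.I),
    "ms_login_redirect": re.compile(r"login\.microsoftonline\.com|login\.live\.com", re.I),
}

# Hosts on which a Microsoft sign-in form is expected to appear.
MICROSOFT_SUFFIXES = ("microsoft.com", "microsoftonline.com", "office.com", "live.com")


def is_microsoft_host(host: str) -> bool:
    """Exact or dotted-suffix match, so 'evil-microsoft.com' does not pass."""
    return any(host == s or host.endswith("." + s) for s in MICROSOFT_SUFFIXES)


def scan_addin_page(html: str, served_from: str) -> dict:
    """Return indicator hits, human-readable findings and a verdict for one served page."""
    host = urlparse(served_from).hostname or ""
    hits = {name: bool(pattern.search(html)) for name, pattern in INDICATORS.items()}
    findings = []
    if hits["password_field"] and not is_microsoft_host(host):
        findings.append(f"password prompt served from non-Microsoft host {host}")
    if hits["telegram_bot_api"]:
        findings.append("references Telegram Bot API (low-cost exfil channel, no C2 needed)")
    if hits["password_field"] and hits["ms_login_redirect"]:
        findings.append("collects a password, then hands off to the real Microsoft login")
    suspicious = hits["password_field"] and (hits["telegram_bot_api"] or hits["fetch_call"])
    return {
        "host": host,
        "hits": hits,
        "findings": findings,
        "verdict": "suspicious" if suspicious else "no credential-harvest pattern",
    }


# Constructed sample: a task pane that mimics the article's description. The script
# block is deliberately inert (indicator strings and comments only).
SUSPECT_PAGE = """<html><body>
<form id="signin">
  <input type="email" name="loginfmt">
  <input type="password" name="passwd">
  <div class="spinner" hidden></div>
</form>
<script>
  // constructed indicator strings for the scanner; not a working exfil routine
  var exfil = "https://api.telegram.org/bot<BOT_TOKEN_PLACEHOLDER>/sendMessage";
  var next  = "https://login.microsoftonline.com/";
  // fetch(exfil) would be the exfil step; location.href = next the hand-off
</script></body></html>"""

# Constructed sample: a benign scheduler pane that talks only to its own API.
BENIGN_PAGE = """<html><body>
<form id="availability"><input type="text" name="attendee"></form>
<script>fetch("https://app.example-addin.test/api/availability");</script>
</body></html>"""


if __name__ == "__main__":
    for label, page in (("suspect", SUSPECT_PAGE), ("benign", BENIGN_PAGE)):
        report = scan_addin_page(page, "https://app.example-addin.test/taskpane.html")
        print(label, report["verdict"], report["findings"])
```

Run it against the page fetched from each URL in an add-in’s manifest; the verdict is a triage signal, and the findings explain which part of the pattern tripped it so a reviewer can confirm by hand.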

For those unfamiliar, Outlook add-ins are not installed code; they are essentially URLs. A developer who wants to publish one submits a manifest to Microsoft: an XML file that in effect says, “Load this URL in an iframe within Outlook.” Microsoft reviews the manifest, signs it, and lists the add-in in its store. The important part, however, is that the content itself is pulled live from the developer’s server each time the add-in is opened.

Because Outlook add-ins run inside the trusted Microsoft interface with permissions such as “ReadWriteItem,” a malicious actor could do far more than capture passwords: with the right code, security researchers warn, attackers could potentially read or modify emails and access sensitive mailbox contents.
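Since the manifest is the only thing Microsoft signs while the content lives on whatever host the manifest names, an administrator can at least audit what a manifest commits the tenant to: which hosts will be loaded live, and what permission level the add-in asks for. The script below is an added example, not Microsoft’s or Koi Security’s tooling; the sample manifest, the `.test` hostnames and the allowlist are constructed for the illustration. It uses the element names from Microsoft’s published add-in manifest schema (`SourceLocation`, `AppDomain`, `IconUrl`, `Permissions`) but walks the tree by local name so it does not depend on a particular schema version.

```python
"""Audit an Office/Outlook add-in manifest: every URL it will load and its permission level.

Added example. The sample manifest and allowlist are constructed; the permission
ranking follows the mail add-in levels Restricted < ReadItem < ReadWriteItem < ReadWriteMailbox.
"""
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

PERMISSION_RANK = {"Restricted": 0, "ReadItem": 1, "ReadWriteItem": 2, "ReadWriteMailbox": 3}


def local(tag: str) -> str:
    """Strip the '{namespace}' prefix ElementTree puts on tags and attributes."""
    return tag.rsplit("}", 1)[-1]


def audit_manifest(xml_text) -> dict:
    """Collect every http(s) URL the manifest references plus the declared permission."""
    data = xml_text.encode("utf-8") if isinstance(xml_text, str) else xml_text
    root = ET.fromstring(data)
    urls, permission = [], None
    for el in root.iter():
        name = local(el.tag)
        if name == "Permissions":
            permission = (el.text or "").strip()
        elif name == "AppDomain" and el.text:
            urls.append(el.text.strip())          # domains the pane may navigate to
        for attr, value in el.attrib.items():     # SourceLocation, IconUrl, bt:Url, ...
            if local(attr) == "DefaultValue" and value.lower().startswith(("http://", "https://")):
                urls.append(value.strip())
    hosts = sorted({urlparse(u).hostname for u in urls if urlparse(u).hostname})
    return {
        "permission": permission,
        "rank": PERMISSION_RANK.get(permission, -1),
        "urls": sorted(set(urls)),
        "hosts": hosts,
        "insecure": sorted(u for u in set(urls) if u.lower().startswith("http://")),
    }


def review(report: dict, allowed_hosts: set) -> list:
    """Turn the audit into findings: unapproved hosts, write-capable permission, plain HTTP."""
    findings = []
    for host in report["hosts"]:
        if host not in allowed_hosts:
            findings.append(f"loads live content from unapproved host: {host}")
    if report["rank"] >= PERMISSION_RANK["ReadWriteItem"]:
        findings.append(f"requests {report['permission']}: can read and modify the open item, not just show UI")
    for url in report["insecure"]:
        findings.append(f"plain-HTTP source location: {url}")
    return findings


# Constructed sample manifest in the shape of a mail add-in (IDs and hosts are placeholders).
SAMPLE_MANIFEST = """<?xml version="1.0" encoding="UTF-8"?>
<OfficeApp xmlns="http://schemas.microsoft.com/office/appforoffice/1.1"
           xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="MailApp">
  <Id>00000000-0000-0000-0000-000000000000</Id>
  <Version>1.0.0</Version>
  <ProviderName>Example Vendor (constructed)</ProviderName>
  <DefaultLocale>en-US</DefaultLocale>
  <DisplayName DefaultValue="Scheduler Demo"/>
  <Description DefaultValue="constructed sample for the audit script"/>
  <IconUrl DefaultValue="https://cdn.example-addin.test/icon-64.png"/>
  <AppDomains>
    <AppDomain>https://cdn.example-addin.test</AppDomain>
  </AppDomains>
  <Hosts><Host Name="Mailbox"/></Hosts>
  <FormSettings>
    <Form xsi:type="ItemRead">
      <DesktopSettings>
        <SourceLocation DefaultValue="https://app.example-addin.test/taskpane.html"/>
        <RequestedHeight>250</RequestedHeight>
      </DesktopSettings>
    </Form>
  </FormSettings>
  <Permissions>ReadWriteItem</Permissions>
  <Rule xsi:type="RuleCollection" Mode="Or">
    <Rule xsi:type="ItemIs" ItemType="Message" FormType="Read"/>
  </Rule>
</OfficeApp>"""


if __name__ == "__main__":
    report = audit_manifest(SAMPLE_MANIFEST)
    print("hosts loaded live:", report["hosts"])
    print("permission:", report["permission"])
    for finding in review(report, allowed_hosts={"app.example-addin.test"}):
        print(" -", finding)
```

The `hosts` list is the part worth re-checking periodically: it is exactly the set of domains whose registration status and current content decide what users will see, which is the weakness the AgreeTo case turned on.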

The details of the attack were researched by Koi Security.

Abdul Wasay

Abdul Wasay explores emerging trends across AI, cybersecurity, startups and social media platforms in a way anyone can easily follow.