Overview
- Koi Security found the AgreeTo add-in was taken over after its Vercel-hosted URL was abandoned by the original developer and then reclaimed by an attacker.
- The hijacked add-in served a fake Microsoft sign-in inside Outlook, captured passwords, exfiltrated data via the Telegram Bot API, and redirected users to the real login page.
- Researchers recovered more than 4,000 stolen Microsoft account credentials plus credit card numbers and banking security answers, and observed the attacker testing compromised accounts.
- The add-in retained ReadWriteItem permissions that could allow email reading or modification, though investigators did not confirm mailbox abuse.
- Reporting differs on whether Microsoft has removed the listing. Researchers urge re-review of add-ins whose hosted content changes, verification of domain ownership, delisting of stale add-ins, and visibility into install counts.
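The two conditions that combined in this incident, code loaded from a hosting URL that a third party can later claim and a permission level that reaches mailbox items, are both visible in an Office add-in manifest. The check below is an added example written for this summary, not code from Koi Security or from the add-in; the manifest is constructed, and the list of reclaimable hosting suffixes is an assumption seeded only with the Vercel domain the report names.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

# Constructed sample modelled on the Office add-in manifest schema; not the real AgreeTo manifest.
SAMPLE_MANIFEST = """<OfficeApp xmlns="http://schemas.microsoft.com/office/appforoffice/1.1">
  <Id>00000000-0000-0000-0000-000000000000</Id>
  <DisplayName DefaultValue="Example Scheduling Add-in"/>
  <DefaultSettings>
    <SourceLocation DefaultValue="https://example-addin.vercel.app/index.html"/>
  </DefaultSettings>
  <Permissions>ReadWriteItem</Permissions>
</OfficeApp>"""

NS = {"o": "http://schemas.microsoft.com/office/appforoffice/1.1"}

# Assumption: hosting suffixes where a released project name can be re-registered by another account.
# Extend this for the platforms your tenant allows.
RECLAIMABLE_SUFFIXES = (".vercel.app",)

# Permission levels that let add-in code read or modify mail items.
MAILBOX_PERMS = {"ReadWriteItem", "ReadWriteMailbox"}


def audit_manifest(xml_text):
    """Return (hosts, permission, risk) for one add-in manifest.

    hosts: every hostname the add-in loads content from
    risk:  'high' if reclaimable hosting and mailbox permission coincide,
           'medium' if only one is present, otherwise 'low'
    """
    root = ET.fromstring(xml_text)
    hosts = set()
    for el in root.iter():
        value = el.get("DefaultValue", "")
        if value.startswith(("https://", "http://")):
            hosts.add(urlparse(value).hostname or "")
    perm_el = root.find("o:Permissions", NS)
    perm = perm_el.text.strip() if perm_el is not None and perm_el.text else ""
    reclaimable = any(h.endswith(RECLAIMABLE_SUFFIXES) for h in hosts)
    mailbox = perm in MAILBOX_PERMS
    if reclaimable and mailbox:
        risk = "high"
    elif reclaimable or mailbox:
        risk = "medium"
    else:
        risk = "low"
    return sorted(hosts), perm, risk
```

A "high" result is the signal to confirm that the hosting project is still controlled by the publisher, since the manifest Microsoft reviewed says nothing about who serves that URL today.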