Malicious Outlook Add-In ‘AgreeToSteal’ Compromises 4,000 Accounts via Subdomain Takeover

Published
Written by:
Lore Apostol
Cybersecurity Writer
Key Takeaways
  • Abandonware Exploitation: Threat actors took over the hosting subdomain of a legitimate but discontinued Outlook add-in by re-registering the subdomain after its original deployment was deleted.
  • Extensive Compromise: A fraudulent Microsoft sign-in form, rendered inside the Outlook client, harvested more than 4,000 accounts along with payment card and banking data.
  • Architectural Vulnerability: The incident exposes a structural gap in Microsoft's add-in ecosystem: a manifest is vetted once at submission, but the external URL it points to can change hands afterwards without any re-validation.

The first confirmed malicious Outlook add-in seen in production, designated "AgreeToSteal," hijacked a legitimate calendar scheduling add-in called "AgreeTo" that its developer had discontinued, and stole more than 4,000 credential sets along with payment card data and banking information.

After the developer deleted the add-in's Vercel deployment, its hosting subdomain (outlook-one.vercel.app) became available for anyone to register. Malicious actors claimed it and replaced the original scheduling functionality with a credential-harvesting kit.

Microsoft Office Add-In Security Architecture Deficiencies

Microsoft's infrastructure kept distributing the original, already approved manifest that references this URL, so the AgreeToSteal phishing page loaded inside the Outlook interface through an add-in users had previously installed and trusted.

The phishing page | Source: Koi Security

When the add-in was opened, targets saw a counterfeit Microsoft authentication form in place of the expected scheduling interface, and whatever they typed was exfiltrated via Telegram.

The campaign, documented by Koi Security researchers, has compromised over 4,000 Microsoft account credentials, credit card numbers, and banking security answers.

The attacker's code sends data to Telegram | Source: Koi Security

Microsoft Office add-ins are not bundled packages but thin manifests pointing at externally hosted web content that is fetched dynamically at runtime, and Microsoft performs its security review only once, when the manifest is first submitted. Nothing re-checks who controls the referenced host afterwards.
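The practical consequence is that the risk lives in the URLs a manifest references, not in the manifest itself. The following added example (not code from the article, Koi Security, or Microsoft) audits an Office add-in manifest for exactly that: it pulls every externally hosted URL out of the manifest and flags hosts sitting on platforms whose subdomain namespace can be re-registered by anyone once the original project is deleted. The sample manifest is constructed for illustration and modelled on the Office add-in schema; the placeholder GUID, the cdn.example.com icon host, the list of reclaimable platform suffixes, and the function names are assumptions. Note that a plain DNS check is not enough for hosts like *.vercel.app, because such platforms typically answer for any subdomain via wildcard DNS and serve a "not found" page rather than failing to resolve; the suffix list exists for that reason, and the resolver is injectable so the audit also runs offline.

```python
"""Audit an Office add-in manifest for externally hosted URLs that could be
taken over. Added example; not the article's, Koi Security's, or Microsoft's code."""
import socket
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

# Hosting platforms on which a deleted project's subdomain can be claimed by
# anyone. Assumption: illustrative list, extend to match your environment.
# These names keep resolving (wildcard DNS), so DNS alone will not flag them.
RECLAIMABLE_SUFFIXES = (".vercel.app", ".herokuapp.com", ".azurewebsites.net", ".github.io")

# Constructed sample manifest modelled on the Office add-in schema. The GUID
# and the icon host are placeholders; the vercel.app host is the one named
# in the article.
SAMPLE_MANIFEST = """
<OfficeApp xmlns="http://schemas.microsoft.com/office/appforoffice/1.1"
           xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
           xmlns:bt="http://schemas.microsoft.com/office/officeappbasictypes/1.0"
           xsi:type="MailApp">
  <Id>00000000-0000-0000-0000-000000000000</Id>
  <DisplayName DefaultValue="Scheduling Add-in"/>
  <IconUrl DefaultValue="https://cdn.example.com/icon-64.png"/>
  <AppDomains>
    <AppDomain>https://outlook-one.vercel.app</AppDomain>
  </AppDomains>
  <FormSettings>
    <Form xsi:type="ItemRead">
      <DesktopSettings>
        <SourceLocation DefaultValue="https://outlook-one.vercel.app/index.html"/>
      </DesktopSettings>
    </Form>
  </FormSettings>
</OfficeApp>
"""


def extract_urls(manifest_xml: str) -> list[str]:
    """Return every absolute http(s) URL the manifest references: any
    DefaultValue attribute (SourceLocation, IconUrl, bt:Url, ...) plus the
    text of AppDomain elements."""
    root = ET.fromstring(manifest_xml)
    urls = []
    for el in root.iter():
        val = el.get("DefaultValue")
        if val and val.startswith(("http://", "https://")):
            urls.append(val)
        if el.tag.endswith("}AppDomain") and el.text and el.text.strip():
            urls.append(el.text.strip())
    return urls


def audit_host(host: str, resolver=socket.gethostbyname) -> str:
    """Classify a host. Reclaimable platform names are flagged regardless of
    DNS; for everything else a failed lookup indicates a dangling reference."""
    if host.endswith(RECLAIMABLE_SUFFIXES):
        return "RECLAIMABLE_PLATFORM"
    try:
        resolver(host)
    except socket.gaierror:
        return "UNRESOLVABLE"
    return "OK"


def audit_manifest(manifest_xml: str, resolver=socket.gethostbyname) -> dict[str, str]:
    """Map each distinct host referenced by the manifest to its finding."""
    findings: dict[str, str] = {}
    for url in extract_urls(manifest_xml):
        host = urlparse(url).hostname or ""
        if host and host not in findings:
            findings[host] = audit_host(host, resolver)
    return findings


def failing_resolver(host: str) -> str:
    """Resolver stand-in that behaves like NXDOMAIN, for offline runs."""
    raise socket.gaierror(f"simulated NXDOMAIN for {host}")


if __name__ == "__main__":
    # Offline run: the vercel host is flagged by suffix, the other by lookup.
    for host, verdict in audit_manifest(SAMPLE_MANIFEST, failing_resolver).items():
        print(f"{verdict:22} {host}")
```

Run against real manifests exported from your tenant's deployed add-ins (Microsoft 365 admin center, Integrated apps) and treat any RECLAIMABLE_PLATFORM host whose owner you cannot confirm as a candidate for removal; the article's incident is precisely an approved manifest whose SourceLocation host changed hands after approval.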

Cybersecurity Implications for Email Platform Infrastructure

The 'AgreeToSteal' campaign shows that a point-in-time security review is not enough when the reviewed artifact merely points at content someone else hosts. Researchers also describe this as a professional, multi-brand phishing operation: the same attacker runs at least 12 distinct phishing kits, each impersonating a different brand, including Canadian ISPs, banks, and webmail providers.

The stolen data included not just email credentials but credit card numbers, CVVs, PINs, and banking security answers, which were used to intercept Interac e-Transfer payments.

This month, a Notepad++ hijacking incident deploying a backdoor was linked to a Lotus Blossom campaign. In July 2025, aviation executives were targeted by a phishing scam leveraging fake Microsoft 365 login pages.
