outlook-one.vercel.app, hosted on the Vercel development platform, from which users download the software.

"Microsoft reviews the manifest, signs it, and lists the add-in in their store. But the actual content, the UI, the logic, everything the user interacts with, is fetched live from the developer's server every time the add-in opens," said Koi Security's researchers.

By grabbing the abandoned subdomain, the attacker gained control of whatever the URL in the original manifest pointed to. The attacker replaced that content with a phishing kit comprising a fake Microsoft sign-in page for password collection, an exfiltration script, and a redirect. Because the Microsoft-signed manifest itself was unchanged, the attacker also inherited the permission it granted to read and modify emails.

"They didn't submit anything to Microsoft. They weren't required to pass any review. They didn't create a store listing. The listing already existed: Microsoft-reviewed, Microsoft-signed, Microsoft-distributed. The attacker just claimed an orphaned URL, and Microsoft's infrastructure did the rest," said Koi Security.

Phished credentials and victim IP addresses were sent automatically to the attacker via a simple Telegram bot, with no need for dedicated command-and-control infrastructure, Koi Security said.

The researchers were able to get inside this infrastructure and found that around 4,000 victims had fallen for the phishing page; Koi Security later contacted all of them to warn that their credentials had been compromised.

The same attacker was found to be operating 12 different phishing kits impersonating a variety of banks and webmail providers, Koi Security added. Data stolen through these kits included credit card numbers, CVVs, PINs, and the banking security answers recipients use to receive payments made via the Interac e-Transfer system, as well as passwords.

The weakness the AgreeTo hijack exposes lies in Microsoft's add-in delivery architecture: what Microsoft reviews, signs and distributes is a manifest, and the manifest is essentially a pointer to a URL the developer controls. Nothing ties the signed manifest to the content that URL serves, and the URL itself can be unreliable. Because of this, Koi Security pointed out, "an add-in that's clean on Monday can serve a phishing page on Tuesday or, as in this case, years later. Microsoft reviews the manifest at submission, but the actual content can change at any time without further review."

Ironically, the weakness was identified as long ago as 2019 by another security company, MDSec. AgreeTo is believed to be the first malicious Outlook add-in ever discovered on the Microsoft Marketplace, which may explain why deeper URL checking was never implemented after that research.

As of February 12, the AgreeTo add-in is no longer available from the Microsoft Marketplace. Anyone still using AgreeTo is advised to remove it as soon as possible and to reset their Microsoft account password.

A separate AgreeTo extension for Chrome stopped working in 2024; Google removed it in February 2025.

This article originally appeared on Computerworld.
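The architecture Koi Security describes, a signed manifest that is only a pointer to developer-hosted content, is what a defender has to audit in their own tenant. The script below is an added example, not code from Koi Security, Microsoft or the article. It parses an Outlook add-in XML manifest (element names follow the Office add-in manifest schema), lists every host the add-in will load UI or script from, reports the mailbox permission the manifest grants, and flags hosts that sit on first-come shared hosting platforms or that no longer answer. The sample manifest, its hostnames and the platform list are constructed placeholders, not the AgreeTo manifest.

```python
"""Audit an Office add-in XML manifest for externally hosted content.

Added example (not from Koi Security, Microsoft or the article). The
manifest below is constructed for illustration; hostnames are placeholders.
"""
import json
import socket
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# Platforms that hand out subdomains first-come, first-served, so an
# abandoned project name can be re-registered by anyone. Assumption: tune
# this list for your environment; it is not authoritative.
RECLAIMABLE_SUFFIXES = (
    ".vercel.app", ".netlify.app", ".github.io", ".herokuapp.com",
    ".azurewebsites.net", ".pages.dev",
)

# Mailbox permission levels defined by the Outlook add-in manifest schema,
# least to most privileged.
PERMISSION_RANK = {
    "Restricted": 0, "ReadItem": 1, "ReadWriteItem": 2, "ReadWriteMailbox": 3,
}

# Constructed sample manifest: the store-signed part is this file; the UI
# and logic come from SourceLocation at runtime.
SAMPLE_MANIFEST = """<?xml version="1.0" encoding="UTF-8"?>
<OfficeApp xmlns="http://schemas.microsoft.com/office/appforoffice/1.1"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:type="MailApp">
  <Id>00000000-0000-0000-0000-000000000000</Id>
  <Version>1.0.0.0</Version>
  <ProviderName>Example Vendor</ProviderName>
  <DefaultLocale>en-US</DefaultLocale>
  <DisplayName DefaultValue="Example Scheduler"/>
  <Description DefaultValue="Constructed sample for the audit script"/>
  <IconUrl DefaultValue="https://cdn.example-vendor.test/icon-64.png"/>
  <AppDomains>
    <AppDomain>https://login.example-vendor.test</AppDomain>
  </AppDomains>
  <Hosts><Host Name="Mailbox"/></Hosts>
  <DefaultSettings>
    <SourceLocation DefaultValue="https://example-addin.vercel.app/index.html"/>
  </DefaultSettings>
  <Permissions>ReadWriteItem</Permissions>
  <Rule xsi:type="RuleCollection" Mode="Or">
    <Rule xsi:type="ItemIs" ItemType="Message" FormType="Read"/>
  </Rule>
</OfficeApp>
"""


def extract_urls(manifest_xml: str) -> list[str]:
    """Every absolute http(s) URL in any attribute or element text.

    Scanning all attributes also catches VersionOverrides resource URLs
    (bt:Url DefaultValue=...) without special-casing each element.
    """
    root = ET.fromstring(manifest_xml)
    urls = []
    for el in root.iter():
        candidates = list(el.attrib.values())
        if el.text:
            candidates.append(el.text.strip())
        urls.extend(v for v in candidates if v.startswith(("http://", "https://")))
    return urls


def manifest_permission(manifest_xml: str) -> str:
    """The <Permissions> value, or 'unspecified' when the element is absent."""
    root = ET.fromstring(manifest_xml)
    for el in root.iter():
        if el.tag.split("}")[-1] == "Permissions":
            return (el.text or "").strip()
    return "unspecified"


def dns_resolves(host: str) -> bool:
    """Default liveness probe: does the host resolve at all?

    Caveat: platforms with wildcard DNS answer for unclaimed subdomains too,
    so DNS is only a lower bound; plug in an HTTP probe for the platform's
    'not found' page via the is_live hook below.
    """
    try:
        socket.getaddrinfo(host, 443)
        return True
    except socket.gaierror:
        return False


def audit_manifest(manifest_xml: str, is_live=dns_resolves) -> dict:
    """Report every content host, its risk flags, and the granted permission."""
    hosts = sorted({h for h in (urlsplit(u).hostname for u in extract_urls(manifest_xml)) if h})
    findings = []
    for host in hosts:
        flags = []
        if host.endswith(RECLAIMABLE_SUFFIXES):
            flags.append("reclaimable-platform")
        if not is_live(host):
            flags.append("not-live")
        if len(flags) == 2:  # abandoned name on a first-come platform: the AgreeTo pattern
            flags.append("takeover-candidate")
        findings.append({"host": host, "flags": flags})
    perm = manifest_permission(manifest_xml)
    return {
        "permission": perm,
        "permission_rank": PERMISSION_RANK.get(perm, -1),
        "hosts": findings,
        "high_risk": [f["host"] for f in findings if f["flags"]],
    }


if __name__ == "__main__":
    # Uses real DNS; the .test placeholders will report as not-live.
    print(json.dumps(audit_manifest(SAMPLE_MANIFEST), indent=2))
```

Run it over the manifests of the add-ins actually installed in your tenant rather than the sample; the point is to see, per add-in, which hosts you have silently delegated mailbox access to and which of them you are not monitoring. The `is_live` hook exists because resolution alone does not prove a subdomain is still claimed by its original owner.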
First seen on csoonline.com
Jump to article: www.csoonline.com/article/4131632/dead-outlook-add-in-hijacked-to-phish-4000-microsoft-office-store-users-2.html