A popular Microsoft Outlook add-in has been hijacked to try and steal user accounts - here's how to stay safe


  • Abandoned Outlook add-in AgreeTo hijacked into phishing kit stealing Microsoft accounts
  • Attackers stole 4,000 accounts, credit card data, and banking security answers
  • Microsoft removed add-in; users urged to reset passwords and monitor financial activity

Hackers took over a legitimate, but abandoned, add-in project for Microsoft Outlook and turned it into a full-blown phishing kit, experts have warned.

Security researchers at Koi said they discovered AgreeTo, an Outlook add-in meeting scheduler with a relatively large user base on the email provider.

This scheduler was developed by an independent researcher and landed on the Microsoft Office Add-in Store in December 2022, but has since been abandoned. The URL that pointed to the content loaded into Outlook was then picked up by the malicious actor, who used it to plant a phishing kit, so that when a person opens the add-in, they are presented with a fake Microsoft login page.
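Because the add-in's content is fetched from a URL rather than shipped with it, administrators can inventory which hosts each installed add-in loads from. The following is an added example, not code from Koi or Microsoft: it assumes the standard Office add-in XML manifest layout, and the sample manifest, hosts and the `reviewed_hosts` list are constructed placeholders.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# Constructed sample manifest (not AgreeTo's real one); hosts are placeholders.
SAMPLE_MANIFEST = """
<OfficeApp xmlns="http://schemas.microsoft.com/office/appforoffice/1.1"
           xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
           xsi:type="MailApp">
  <Id>00000000-0000-0000-0000-000000000000</Id>
  <DisplayName DefaultValue="Example Scheduler"/>
  <IconUrl DefaultValue="https://cdn.example.net/icon.png"/>
  <FormSettings>
    <Form xsi:type="ItemRead">
      <DesktopSettings>
        <SourceLocation DefaultValue="https://scheduler.example.com/pane.html"/>
      </DesktopSettings>
    </Form>
  </FormSettings>
</OfficeApp>
""".strip()


def remote_hosts(manifest_xml):
    """Map each remote host to the manifest elements that reference it."""
    hosts = {}
    for el in ET.fromstring(manifest_xml).iter():
        # Manifest URLs are carried in the DefaultValue attribute.
        parts = urlsplit(el.get("DefaultValue", ""))
        if parts.scheme in ("http", "https") and parts.hostname:
            tag = el.tag.rsplit("}", 1)[-1]  # drop the XML namespace
            hosts.setdefault(parts.hostname.lower(), set()).add(tag)
    return hosts


def unreviewed(manifest_xml, reviewed_hosts):
    """Hosts the add-in loads from that are not on the reviewed list."""
    found = remote_hosts(manifest_xml)
    return {h: sorted(t) for h, t in found.items() if h not in reviewed_hosts}


if __name__ == "__main__":
    # SourceLocation hosts serve the page rendered inside Outlook, so a
    # lapsed or re-registered host there controls what the user sees.
    for host, tags in unreviewed(SAMPLE_MANIFEST, {"cdn.example.net"}).items():
        print(f"review: {host} (referenced by {', '.join(tags)})")
```

Hosts referenced by `SourceLocation` deserve the closest attention, since that element names the page displayed inside the mail client.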

Microsoft steps in

Koi’s researchers managed to access the attacker’s exfiltration channel (which used a Telegram bot API) and discovered that more than 4,000 Microsoft accounts were stolen. To make matters even worse, the threat actors also obtained people’s credit card numbers and banking security answers, which is more than enough information to make fraudulent wire transfers.

They also found that this was an active campaign, with the miscreants testing stolen credentials to see which work, and which would be valuable going forward.

Microsoft was alerted, and the company has now removed the add-in from its repository.

Koi also said that whoever is behind this attack runs “at least a dozen” other phishing kits. These target internet service providers, banks, and webmail providers, but we don’t know how successful they are, compared to the Outlook AgreeTo one.

What we do know is that this is the first malware to be found on the official Microsoft Marketplace, and the first malicious Outlook add-in to be detected in the wild, BleepingComputer said.

Users are advised to remove the add-in from their Outlook instances without hesitation and reset all of their passwords. Keeping tabs on banking statements for any suspicious transactions would also be a good decision.

Via BleepingComputer



Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.
