- Abandoned AgreeTo add-on for Outlook hijacked and turned into a phishing kit that steals Microsoft accounts
- The attackers stole 4,000 accounts, credit card data and bank security responses.
- Microsoft removed the plugin; users are urged to reset passwords and monitor financial activity.
Experts warned that hackers took over a legitimate but abandoned add-in project for Microsoft Outlook and turned it into a full-fledged phishing kit.
Security researchers at Koi said they discovered AgreeTo, a meeting scheduler add-on for Outlook with a relatively large user base on the email service.
The scheduler was developed by an independent researcher and arrived in the Microsoft Office Add-ons store in December 2022, but it has since been abandoned. The malicious actor then picked up the URL pointing to the content that loads in Outlook and used it to install a phishing kit, so when a person opens the add-on, they are presented with a fake Microsoft login page.
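Because the add-on's content is loaded from a URL at the time it is opened, whoever controls that host controls what users see. The following is an added example, not code from Koi, Microsoft or the original article: a Python sketch that inventories the remote hosts referenced by an Office add-in manifest and reports those missing from an organisation's reviewed list. The sample manifest, its hosts and the function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

# Constructed sample manifest (not the AgreeTo manifest); hosts are placeholders.
# For manifests from untrusted sources, parse with a hardened parser such as defusedxml.
SAMPLE_MANIFEST = """
<OfficeApp xmlns="http://schemas.microsoft.com/office/appforoffice/1.1"
           xmlns:bt="http://schemas.microsoft.com/office/officeappbasictypes/1.0">
  <DisplayName DefaultValue="Example Scheduler"/>
  <IconUrl DefaultValue="https://cdn.example.net/icon.png"/>
  <FormSettings>
    <Form>
      <DesktopSettings>
        <SourceLocation DefaultValue="https://scheduler.example.org/taskpane.html"/>
      </DesktopSettings>
    </Form>
  </FormSettings>
  <Resources>
    <bt:Urls>
      <bt:Url id="pane.url" DefaultValue="https://scheduler.example.org/pane.html"/>
    </bt:Urls>
  </Resources>
</OfficeApp>
"""


def remote_hosts(manifest_xml):
    """Map each remote host to the manifest elements that reference it."""
    hosts = {}
    for el in ET.fromstring(manifest_xml.strip()).iter():
        url = urlparse(el.get("DefaultValue", ""))
        if url.scheme in ("http", "https") and url.hostname:
            tag = el.tag.rsplit("}", 1)[-1]  # drop the XML namespace prefix
            hosts.setdefault(url.hostname.lower(), []).append(tag)
    return hosts


def unreviewed_hosts(manifest_xml, reviewed):
    """Hosts the add-in loads content from that are not on the reviewed list."""
    return sorted(h for h in remote_hosts(manifest_xml) if h not in reviewed)


if __name__ == "__main__":
    for host, tags in remote_hosts(SAMPLE_MANIFEST).items():
        print(host, "referenced by", ", ".join(tags))
    print("needs review:", unreviewed_hosts(SAMPLE_MANIFEST, {"cdn.example.net"}))
```

Hosts referenced by `SourceLocation` or `Url` elements serve the pages the add-in renders, so those are the ones to track for ownership or registration changes.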
Microsoft intervenes
Koi researchers managed to access the attacker’s exfiltration channel (which used a Telegram bot API) and discovered that more than 4,000 Microsoft accounts had been stolen. To make matters even worse, the threat actors also obtained people’s credit card numbers and bank security responses, which is more than enough information to make fraudulent wire transfers.
They also discovered that this was an active campaign, with bad actors testing stolen credentials to see which ones worked and which would be valuable in the future.
Microsoft was alerted and the company removed the plugin from its repository.
Koi also said that whoever is behind this attack runs “at least a dozen” other phishing kits. These target ISPs, banks and webmail providers, but we don’t know how successful they are, compared to Outlook AgreeTo.
What we do know is that this is the first malware to be found on the official Microsoft Marketplace and the first malicious Outlook add-on to be detected in the wild, BleepingComputer reports.
Users are advised to remove the add-in from their Outlook instances without hesitation and reset all their passwords. It would also be a good decision to monitor bank statements for any suspicious transactions.
Via BleepingComputer




