CyberHappenings logo
Home Browse Watchlists Experimental About

Track cybersecurity events as they unfold. Sourced timelines. Filter, sort, and browse. Fast, privacy‑respecting. No invasive ads, no tracking.

Malicious Outlook Add-in Hijacked to Steal 4,000 Microsoft Credentials

First reported
Last updated
1 unique sources, 1 articles

Summary

Hide ▲

A legitimate AgreeTo Outlook add-in was hijacked and turned into a phishing kit, stealing over 4,000 Microsoft account credentials. The attackers seized control of an abandoned domain associated with the add-in to serve a fake Microsoft login page. This incident highlights how overlooked and abandoned assets can become attack vectors. The add-in, distributed through Microsoft's store, ran inside Outlook, where users handle sensitive communications. It could request permissions to read and modify emails, exploiting the implicit trust in Microsoft's store. Microsoft has since removed the add-in from its store.

Timeline

  1. 16.02.2026 14:55 1 articles · 9h ago

    AgreeTo Outlook Add-in Hijacked for Phishing Campaign

    A legitimate AgreeTo Outlook add-in was hijacked and turned into a phishing kit, stealing over 4,000 Microsoft account credentials. The attackers seized control of an abandoned domain associated with the add-in to serve a fake Microsoft login page. Microsoft has since removed the add-in from its store.

    Show sources
    Open in new tab

Information Snippets