- Discontinued Outlook add-in AgreeTo hijacked and turned into a phishing kit stealing Microsoft accounts
- Attackers stole 4,000 accounts, credit card data and banking security answers
- Microsoft removed the add-in; users are asked to reset their passwords and monitor their financial activity
Hackers took a legitimate, but abandoned, add-in project for Microsoft Outlook and turned it into a full-blown phishing kit, experts have warned.
Koi security researchers said they discovered the takeover of AgreeTo, a meeting scheduler add-in for Outlook with a relatively large user base.
The scheduler was developed by an independent researcher and landed on the Microsoft Office Add-ins store in December 2022, but has since been abandoned. The URL that pointed to the content loaded in Outlook was then taken over by a malicious actor, who used it to host a phishing kit, so that when someone opened the add-in, they were presented with a fake Microsoft login page.
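Because the add-in loads its content from a URL, whoever controls that URL's host controls what users see inside Outlook. The following added example (not from the original article or from Koi; the manifest, hosts and function names are constructed for illustration) lists the remote hosts an add-in manifest references so an administrator can compare them against a reviewed list.

```python
# Added example: inventory the remote hosts an Outlook add-in manifest loads content from.
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# Constructed sample manifest (hypothetical add-in and hosts, not AgreeTo's real manifest).
SAMPLE_MANIFEST = """<OfficeApp xmlns="http://schemas.microsoft.com/office/appforoffice/1.1"
           xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="MailApp">
  <Id>00000000-0000-0000-0000-000000000000</Id>
  <DisplayName DefaultValue="Example Scheduler"/>
  <IconUrl DefaultValue="https://cdn.scheduler.example/icon.png"/>
  <FormSettings>
    <Form xsi:type="ItemRead">
      <DesktopSettings>
        <SourceLocation DefaultValue="https://app.scheduler.example/taskpane.html"/>
      </DesktopSettings>
    </Form>
  </FormSettings>
</OfficeApp>"""

def remote_references(manifest_xml):
    """Return sorted (element, scheme, host) tuples for every URL in a DefaultValue attribute."""
    refs = set()
    for elem in ET.fromstring(manifest_xml).iter():
        parts = urlsplit(elem.get("DefaultValue", ""))
        if parts.scheme in ("http", "https") and parts.hostname:
            tag = elem.tag.rsplit("}", 1)[-1]  # strip the XML namespace prefix
            refs.add((tag, parts.scheme, parts.hostname.lower()))
    return sorted(refs)

def audit(manifest_xml, approved_hosts):
    """Flag references that are not HTTPS or whose host is not on the reviewed list."""
    findings = []
    for tag, scheme, host in remote_references(manifest_xml):
        if scheme != "https":
            findings.append((tag, host, "not HTTPS"))
        elif host not in approved_hosts:
            findings.append((tag, host, "host not on reviewed list"))
    return findings

if __name__ == "__main__":
    # Assumption: the administrator has reviewed only the icon CDN host.
    for finding in audit(SAMPLE_MANIFEST, {"cdn.scheduler.example"}):
        print(finding)
```

A host that appears in the findings is one whose ownership and current content nobody in the organisation has checked, which is the gap the AgreeTo takeover exploited.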
Microsoft intervenes
Koi researchers managed to access the attacker’s exfiltration channel (which used a Telegram bot API) and discovered that more than 4,000 Microsoft accounts had been stolen. To make matters even worse, the threat actors also obtained people’s credit card numbers and banking security answers, which is more than enough information to carry out fraudulent wire transfers.
They also found that it was an active campaign, with the criminals testing the stolen credentials to see which ones worked and which would be useful in the future.
Microsoft was alerted and the company has now removed the add-in from its repository.
Koi also said that whoever is behind this attack is running “at least a dozen” other phishing kits. These target ISPs, banks, and webmail providers, but we don’t know how successful they are compared to the Outlook AgreeTo one.
What we do know is that this is the first malware discovered in the official Microsoft marketplace and the first malicious Outlook add-in detected in the wild, BeepComputer said.
Users are advised to remove the add-in from their Outlook instances without hesitation and reset all their passwords. Keeping an eye on bank statements for any suspicious transactions would also be a good move.
Via BeepComputer