Tags: Supply Chain Attack, Outlook, Credential Theft, Phishing, Microsoft 365

AgreeToSteal: How an Abandoned Outlook Add-In Became a Credential Harvesting Weapon

2026-02-12 AUTHORED_BY: OBFUSCATED

AgreeToSteal: The Ghost Add-In That Harvested Thousands of Credentials

Software supply chain attacks don't always start with compromised build pipelines or poisoned packages. Sometimes, the weakest link is something far quieter: an abandoned project that nobody remembered to shut down.

The AgreeToSteal campaign exploited exactly this blind spot — hijacking a defunct Outlook add-in called "AgreeTo" to harvest over 4,000 Microsoft account credentials before being detected.

The Official Word

Security researchers disclosed that attackers identified "AgreeTo," a legitimate but abandoned Outlook scheduling add-in whose original domain registration had lapsed. The attack chain was surgical:

  1. Domain Takeover: Attackers registered the expired domain previously associated with the add-in.
  2. Fake Login Page: They hosted a pixel-perfect replica of the Microsoft sign-in page on the reclaimed domain.
  3. Credential Exfiltration: Stolen credentials were relayed in real time via the Telegram Bot API, giving attackers immediate access to compromised accounts.

The add-in retained its original ReadWriteItem permissions within Microsoft's ecosystem. This means the attackers didn't just steal passwords — they had the theoretical capability to read and modify email contents for any user who still had the add-in installed.

Community Signal

The reaction across r/sysadmin and security forums has been a mix of alarm and frustration:

  • "We audit our SaaS stack quarterly, but nobody checks add-ins." — A recurring theme. Most organizations lack visibility into which Outlook or browser add-ins are installed across their fleet.
  • Marketplace Trust Erosion: Multiple engineers flagged that app marketplace ecosystems (Microsoft AppSource, Chrome Web Store) do not perform continuous re-evaluation of listed extensions. Once approved, an add-in can change hands without triggering a review.
  • Telegram as C2: The use of Telegram for exfiltration is increasingly common in phishing kits. It's free, encrypted, and trivial to automate with bots.

Analysis & Guidance

AgreeToSteal is a textbook example of supply chain rot — the risk that accumulates when software dependencies are deployed and forgotten. The attack required no zero-day exploit. No malware payload. Just a lapsed domain and residual trust.

What IT Teams Should Do Now

  1. Audit Installed Add-Ins: Use the Microsoft 365 Admin Center to enumerate all Outlook add-ins deployed across your tenant. Remove anything unrecognized or unmaintained.
  2. Restrict Sideloading: Enforce policies that prevent users from installing add-ins outside of a curated, organization-approved list.
  3. Monitor Domain Changes: For any third-party integrations, set up domain expiration alerts. If a vendor's domain lapses, treat it as a security incident.
  4. Review OAuth Permissions: Add-ins with ReadWriteItem or broader scopes represent elevated risk. Audit and revoke permissions that exceed what's necessary.
  5. Conditional Access Policies: Implement sign-in risk policies in Azure AD that flag authentication attempts originating from known phishing infrastructure.
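Steps 1, 3 and 4 above, together with the ReadWriteItem point made earlier, can be folded into one audit pass. What follows is an added example, not code from the article or from the AgreeTo project: it parses an Outlook add-in manifest (the XML format in which add-ins are published), ranks the permission the add-in requests, and checks each domain the add-in loads code from against domain-registration expiry data. The manifest, vendor name, domains and registry entries are all constructed; feeding it manifests exported from your tenant and expiry data from your registrar or RDAP is the assumed deployment, not something the article describes, and the last-two-labels domain reduction is a simplification.

```python
"""Triage exported Outlook add-in manifests: rank the permission each add-in
requests and flag hosting domains that have lapsed or are about to.
Added example: manifest and registry data below are constructed, not AgreeTo's."""
import xml.etree.ElementTree as ET
from datetime import date
from urllib.parse import urlparse

# Mail add-in permission levels from the Office add-in manifest schema,
# least to most privileged. ReadWriteItem and above can alter mail items.
PERMISSION_RANK = {"Restricted": 0, "ReadItem": 1,
                   "ReadWriteItem": 2, "ReadWriteMailbox": 3}
ELEVATED = PERMISSION_RANK["ReadWriteItem"]
NS = {"o": "http://schemas.microsoft.com/office/appforoffice/1.1"}
EXPIRY_WARNING_DAYS = 30

# Constructed manifest in the Office add-in 1.1 XML format (hypothetical vendor).
SAMPLE_MANIFEST = """<OfficeApp xmlns="http://schemas.microsoft.com/office/appforoffice/1.1"
           xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="MailApp">
  <Id>00000000-0000-0000-0000-000000000001</Id>
  <ProviderName>Example Scheduling Vendor</ProviderName>
  <DisplayName DefaultValue="Scheduler Add-in (constructed)"/>
  <AppDomains>
    <AppDomain>https://cdn.scheduler-example.test</AppDomain>
  </AppDomains>
  <FormSettings>
    <Form xsi:type="ItemRead">
      <DesktopSettings>
        <SourceLocation DefaultValue="https://app.scheduler-example.test/index.html"/>
      </DesktopSettings>
    </Form>
  </FormSettings>
  <Permissions>ReadWriteItem</Permissions>
</OfficeApp>
"""

# Constructed stand-in for registrar/RDAP expiry data: domain -> expiry date.
# Here the vendor's domain lapsed months before the audit date.
SAMPLE_REGISTRY = {"scheduler-example.test": date(2025, 6, 30)}
AUDIT_DATE = date(2026, 2, 12)


def parse_manifest(xml_text):
    """Extract id, name, requested permission and every host the add-in loads from."""
    root = ET.fromstring(xml_text)
    hosts = set()
    for el in root.iter(f"{{{NS['o']}}}SourceLocation"):
        if el.get("DefaultValue"):
            hosts.add(urlparse(el.get("DefaultValue")).hostname)
    for el in root.iter(f"{{{NS['o']}}}AppDomain"):
        text = (el.text or "").strip()
        hosts.add(urlparse(text).hostname or text)
    return {
        "id": root.findtext("o:Id", namespaces=NS),
        "name": root.find("o:DisplayName", NS).get("DefaultValue"),
        "permission": root.findtext("o:Permissions", default="Restricted", namespaces=NS),
        "hosts": sorted(h for h in hosts if h),
    }


def registrable_domain(host):
    # Simplification: last two labels. Real code should consult the public suffix list.
    return ".".join(host.lower().split(".")[-2:])


def assess(manifest, registry, today):
    """Rate one add-in: elevated permission plus a lapsed domain is the AgreeTo pattern."""
    findings = []
    rank = PERMISSION_RANK.get(manifest["permission"], 0)
    if rank >= ELEVATED:
        findings.append(f"permission {manifest['permission']}: can read and modify mail items")
    lapsed = False
    for dom in sorted({registrable_domain(h) for h in manifest["hosts"]}):
        expiry = registry.get(dom)
        if expiry is None:
            lapsed = True
            findings.append(f"domain {dom}: no registration record, treat as lapsed")
        elif expiry < today:
            lapsed = True
            findings.append(f"domain {dom}: expired {expiry.isoformat()}, may now be held by a third party")
        elif (expiry - today).days <= EXPIRY_WARNING_DAYS:
            findings.append(f"domain {dom}: expires {expiry.isoformat()}, confirm renewal with vendor")
    if lapsed and rank >= ELEVATED:
        severity = "critical"  # lapsed hosting plus write access: remove add-in, reset sessions
    elif lapsed or rank >= ELEVATED:
        severity = "high"
    elif findings:
        severity = "medium"
    else:
        severity = "low"
    return {"id": manifest["id"], "name": manifest["name"],
            "severity": severity, "findings": findings}


if __name__ == "__main__":
    report = assess(parse_manifest(SAMPLE_MANIFEST), SAMPLE_REGISTRY, AUDIT_DATE)
    print(f"{report['name']} [{report['id']}]: {report['severity'].upper()}")
    for finding in report["findings"]:
        print("  -", finding)
```

Run against the constructed manifest, the add-in comes out as critical: it holds ReadWriteItem and every host it loads code from sits on a domain whose registration expired before the audit date, which is exactly the combination that let a lapsed AgreeTo domain serve a fake sign-in page to users who still had the add-in installed. An add-in with ReadItem on a healthy domain rates low, so the report is usable as a removal-priority list rather than an alarm on everything.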

Risk Rating: High

This is not a theoretical exercise. Over 4,000 credentials were confirmed stolen. If your organization uses Microsoft 365 and has ever installed third-party Outlook add-ins, an immediate audit is warranted.

