88/69 Friday, February 13, 2026
A cybersecurity monitoring center has identified a new attack vector involving a malicious add-in distributed through the Microsoft Office Store-the first incident of its kind. An application named AgreeTo, originally a legitimate meeting scheduling tool, was compromised after threat actors took control of an unused developer domain (an orphaned URL) and converted it into a phishing platform. As a result, more than 4,000 Microsoft user accounts had sensitive data stolen, including passwords, credit card details, and financial security questions. The harvested information was reportedly transmitted to hackers via a Telegram bot, making the incident particularly severe due to its spread through a trusted distribution channel.
The attack technique was highly sophisticated. When users activated the AgreeTo add-in within Outlook, a fraudulent sign-in window appeared that perfectly mimicked Microsoft’s legitimate login interface, leading unsuspecting users to submit their credentials. For organizations that rely heavily on Microsoft 365 and Outlook for daily operations, this threat poses a direct business risk. Microsoft typically reviews applications only once during the approval process for the Store; afterward, developers can freely modify content hosted on their servers-creating an opportunity for attackers to exploit and deploy phishing content without immediate detection.
Microsoft has since removed the AgreeTo add-in from the Marketplace. However, experts strongly advise anyone who previously installed the add-in in Outlook to uninstall it immediately, change their Microsoft account password, and review account activity for any suspicious access. Enabling multi-factor authentication (MFA) is also recommended as an additional layer of protection. Researchers further noted that the hacker group behind this campaign is targeting multiple internet service providers and banks worldwide, making continuous vigilance and regular audits of active add-in permissions essential in today’s threat landscape.