A forgotten meeting scheduler called AgreeTo became AgreeToSteal after cybercriminals claimed its abandoned backend URL, silently harvesting over 4,000 users’ passwords, banking details, and credit card data while maintaining a 4.71-star rating in Microsoft’s official store. The threat actor deployed phishing kits through the expired Vercel address without altering any code, exploiting a fundamental flaw in Microsoft’s add-in verification process, which only checks the initial manifest, not the dynamic content served afterward. Microsoft yanked the add-in on February 12, 2026, but the damage exposes how trusted marketplaces can harbor invisible threats lurking beneath glowing reviews and official endorsements.
A forgotten meeting scheduler became a master key to thousands of Microsoft accounts after cybercriminals hijacked an abandoned Outlook add-in still sitting in Microsoft’s official marketplace.
The AgreeTo add-in, originally a legitimate scheduling tool launched in December 2022, quietly transformed into what security researchers now refer to as AgreeToSteal—the first confirmed malicious Outlook add-in to bypass Microsoft’s storefront protections. Over 4,000 users had their credentials stolen, along with credit card numbers, CVVs, PINs, and banking security answers. The kicker? It maintained a respectable 4.71-star rating even while doing so.
Over 4,000 victims and a 4.71-star rating—proof that even official marketplaces can harbor sophisticated threats hiding in plain sight.
Here’s how the scam worked. After the independent developer abandoned the project, they allowed the backend URL—outlook-one.vercel.app—to expire. A sophisticated threat actor noticed this, claimed the orphaned Vercel address, and deployed a professional-grade phishing kit without altering a single line of code in Microsoft’s store. No new submission was necessary. No review process was triggered. The original manifest file, reviewed and digitally signed years earlier, still pointed to that URL.
When users opened the add-in, Outlook’s sidebar dutifully loaded the hijacked page: a convincing Microsoft login prompt that collected credentials and sent them, along with the victim’s IP data, through the Telegram Bot API. Victims were then redirected to the legitimate login.microsoftonline.com portal, leaving most of them none the wiser. The attacker didn’t even need to misuse the add-in’s ReadWriteItem permission, which in principle allowed reading and modifying email.
Koi Security discovered the operation on February 11, 2026, after stumbling upon the attacker’s active Telegram channel. Researchers observed in real time as the threat actor tested freshly stolen credentials. Analysis revealed this wasn’t the work of an opportunistic amateur: the operation maintained at least twelve different phishing kits targeting ISPs, banks, and webmail providers. Canadian users faced particular risk, with specialised pages designed to intercept Interac e-Transfer payment details. The four-page phishing kit included fake Microsoft login screens, password collection mechanisms, Telegram-based data exfiltration, and seamless redirects to legitimate pages.
Microsoft removed the add-in on February 12, 2026, but the damage exposes a fundamental flaw in the company’s store architecture. Unlike browser extensions that face ongoing scrutiny, Outlook add-ins receive no post-approval verification. They can load dynamic content from external URLs without continuous security checks. Microsoft’s initial review process only examines the manifest file itself, leaving no mechanism to detect when approved URLs later serve malicious content. Sign once, phish forever.
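The root cause described above (a manifest reviewed once whose URLs can later point at a hostname nobody controls) is something a defender can audit for themselves. The following Python script is an added example, not code from the article or from Koi Security: it parses an Outlook add-in manifest, pulls out every external URL (SourceLocation, IconUrl, AppDomain, bt:Url and anything else), groups them by host, and flags hosts that no longer resolve ("dangling", exactly the state outlook-one.vercel.app was in before it was reclaimed) or that sit on hosting platforms where a deleted project name can be re-registered ("watch"). The sample manifest, the hostname example-scheduler.vercel.app and the list of re-registrable platform suffixes are constructed for illustration, not taken from the AgreeTo add-in.

```python
"""Audit an Outlook/Office add-in manifest for dangling or takeover-prone hosts.

Added example for defenders: a manifest is reviewed once by the store, but every
URL inside it is loaded live for as long as the add-in stays installed, so the
hosts it names deserve the same recurring checks as any other external dependency.
"""
import re
import socket
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

# Platforms on which a deleted project's subdomain can be claimed by whoever asks
# next. Illustrative list (an assumption of this example, not from the article).
RECLAIMABLE_SUFFIXES = ("vercel.app", "netlify.app", "github.io", "herokuapp.com")

URL_RE = re.compile(r"https?://[^\s\"'<>]+")

# Constructed sample manifest in the classic XML format; the host is made up.
SAMPLE_MANIFEST = """<?xml version="1.0" encoding="UTF-8"?>
<OfficeApp xmlns="http://schemas.microsoft.com/office/appforoffice/1.1"
           xmlns:bt="http://schemas.microsoft.com/office/officeappbasictypes/1.0"
           xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="MailApp">
  <Id>00000000-0000-0000-0000-000000000000</Id>
  <Version>1.0.0</Version>
  <DisplayName DefaultValue="Example Scheduler"/>
  <IconUrl DefaultValue="https://example-scheduler.vercel.app/icon-64.png"/>
  <AppDomains>
    <AppDomain>https://example-scheduler.vercel.app</AppDomain>
  </AppDomains>
  <FormSettings>
    <Form xsi:type="ItemRead">
      <DesktopSettings>
        <SourceLocation DefaultValue="https://example-scheduler.vercel.app/taskpane.html"/>
      </DesktopSettings>
    </Form>
  </FormSettings>
  <Permissions>ReadWriteItem</Permissions>
  <VersionOverrides xmlns="http://schemas.microsoft.com/office/mailappversionoverrides"
                    xsi:type="VersionOverridesV1_0">
    <Resources>
      <bt:Urls>
        <bt:Url id="Taskpane.Url" DefaultValue="https://example-scheduler.vercel.app/taskpane.html"/>
        <bt:Url id="Help.Url" DefaultValue="https://docs.example.com/help"/>
      </bt:Urls>
    </Resources>
  </VersionOverrides>
</OfficeApp>
"""


def extract_urls(manifest_xml: str) -> list[str]:
    """Return every distinct http(s) URL in any attribute value or text node.

    Scanning all values instead of a fixed set of element names means a URL that
    appears in an element the auditor did not anticipate is still reported.
    """
    found: list[str] = []
    for el in ET.fromstring(manifest_xml).iter():
        values = list(el.attrib.values()) + ([el.text] if el.text else [])
        for value in values:
            for url in URL_RE.findall(value.strip()):
                if url not in found:
                    found.append(url)
    return found


def on_reclaimable_platform(host: str) -> bool:
    """True if the host is a subdomain of a platform in RECLAIMABLE_SUFFIXES."""
    return any(host == s or host.endswith("." + s) for s in RECLAIMABLE_SUFFIXES)


def host_resolves(host: str) -> bool:
    """Default live resolver: True if DNS returns at least one address."""
    try:
        socket.getaddrinfo(host, 443)
        return True
    except socket.gaierror:
        return False


def classify(resolves, reclaimable: bool) -> str:
    if resolves is False:
        return "dangling"  # manifest still points at a name nobody serves
    if reclaimable:
        return "watch"     # served today, but re-registrable if the project is deleted
    return "ok"


def audit_manifest(manifest_xml: str, resolver=None) -> list[dict]:
    """One finding per distinct host. `resolver` maps host -> bool; None skips DNS."""
    findings: dict[str, dict] = {}
    for url in extract_urls(manifest_xml):
        host = urlparse(url).hostname
        if not host:
            continue
        entry = findings.setdefault(host, {"host": host, "urls": []})
        entry["urls"].append(url)
    for host, entry in findings.items():
        entry["reclaimable_platform"] = on_reclaimable_platform(host)
        entry["resolves"] = resolver(host) if resolver is not None else None
        entry["risk"] = classify(entry["resolves"], entry["reclaimable_platform"])
    return list(findings.values())


if __name__ == "__main__":
    # Stub resolver so the demo runs offline: pretend the scheduler host expired.
    stub = lambda h: h == "docs.example.com"
    for f in audit_manifest(SAMPLE_MANIFEST, resolver=stub):
        print(f"{f['risk']:<9} {f['host']}  ({len(f['urls'])} URL(s))")
```

Run it against a manifest exported from an installed add-in (or pass `resolver=host_resolves` for a live DNS check); a "dangling" finding means the add-in's task pane would load whatever the next owner of that hostname chooses to serve, which is the condition that turned AgreeTo into AgreeToSteal, and a "watch" finding is a host worth re-checking on a schedule rather than trusting on the strength of the original store review.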
The attack further underscores how much we collectively trust official marketplaces. When an add-in carries Microsoft’s implicit endorsement and thousands of positive ratings, who questions the login prompt? That psychological advantage allowed a relatively simple URL hijacking to punch well above its weight class.
If you’ve installed AgreeTo—or, frankly, any add-in you’re not actively using—remove it immediately. Reset passwords. Activate multifactor authentication, which would have thwarted this attack despite the stolen credentials. Microsoft’s marketplace may carry the brand’s polish, but this incident proves even trusted storefronts require skepticism. Your inbox deserves better gatekeepers.
Final Thoughts
This recent breach underscores a significant concern: even verified marketplaces can fall victim to exploitation. Microsoft’s vetting process requires reevaluation, and users should approach “trusted” add-ins with caution, scrutinizing permissions as they would fine print in a dubious contract. It’s essential to activate multi-factor authentication immediately. The key takeaway? The security of your inbox relies more on your vigilance than on store badges.
If you’re feeling uncertain about your email security or need assistance navigating these risks, the Computer Repairs Perth Team is here to help. We can guide you in implementing robust security measures and offer support in safeguarding your digital assets. Don’t wait—click on our contact us page to get in touch and ensure your systems are protected.
