In a startling revelation that underscores the evolving sophistication of cyber threats, cybersecurity researchers have unearthed what is believed to be the first-ever malicious Microsoft Outlook add-in detected in the wild. Dubbed “AgreeToSteal” by Koi Security, this cunning supply chain attack managed to pilfer over 4,000 Microsoft credentials by exploiting a seemingly innocuous vulnerability: an abandoned legitimate add-in.
The AgreeToSteal Operation: A Digital Heist
The incident revolves around “AgreeTo,” an Outlook add-in designed to simplify calendar management and availability sharing. Developed legitimately and last updated in December 2022, the add-in eventually became abandonware. This is where the attackers saw their opportunity.
Exploiting Abandonment for Malice
The core of the attack lay in the add-in’s manifest file, which pointed to a URL hosted on Vercel (outlook-one.vercel[.]app). When the original developer’s Vercel deployment was deleted around 2023, the domain became claimable. An unknown threat actor swiftly seized control, transforming the once-benign URL into a phishing kit. This kit served a convincing fake Microsoft sign-in page, capturing user credentials before exfiltrating them via the Telegram Bot API and then redirecting victims to the authentic Microsoft login page – a seamless, deceptive loop.
A Broadening Horizon of Supply Chain Attacks
Idan Dardikman, co-founder and CTO of Koi Security, emphasized the significance of this incident, describing it as a broadening of supply chain attack vectors. “This is the same class of attack we’ve seen in browser extensions, npm packages, and IDE plugins: a trusted distribution channel where the content can change after approval,” Dardikman explained to The Hacker News.
Why Office Add-ins are Particularly Vulnerable
Dardikman highlighted several factors that make Office add-ins a prime target:
- They operate within Outlook, a hub for sensitive communications.
- They can request extensive permissions, such as “ReadWriteItem,” allowing them to read and modify emails.
- Their distribution through Microsoft’s official store inherently bestows a layer of implicit trust.
Crucially, Dardikman noted, “The AgreeTo case adds another dimension: the original developer did nothing wrong. They built a legitimate product and moved on. The attack exploited the gap between when a developer abandons a project and when the platform notices. Every marketplace that hosts remote dynamic dependencies is susceptible to this.”
The Technical Blind Spot: Dynamic Content and Stale Approvals
The vulnerability stems from the fundamental architecture of Office add-ins. Unlike traditional software with static code bundles, add-ins use a manifest file that merely declares a URL. The actual content is fetched and served in real-time from the developer’s server every time the add-in is opened within an iframe.
While Microsoft initially reviews the manifest during the submission phase, there’s a critical lack of continuous monitoring of the live content served by that URL. “Microsoft signed the manifest in December 2022, pointing to outlook-one.vercel.app. That same URL is now serving a phishing kit, and the add-in is still listed in the store,” Dardikman revealed, underscoring the severe implications of this oversight.
A Narrow Escape: The Greater Threat
While the theft of 4,000+ credentials is alarming, Koi Security warns that the outcome could have been far more devastating. Given the “ReadWriteItem” permissions granted to the AgreeTo add-in, a more sophisticated attacker could have injected JavaScript to covertly siphon entire mailboxes, exposing a treasure trove of sensitive information.
Charting a Path to Enhanced Security
To mitigate such risks and bolster the security of its marketplace, Koi Security has put forth several recommendations for Microsoft:
- Dynamic Content Re-review: Trigger a re-review process if an add-in’s URL begins serving content significantly different from its initial approval.
- Domain Ownership Verification: Implement mechanisms to verify ongoing domain ownership by the add-in developer and flag instances where infrastructure changes hands.
- Lifecycle Management: Establish a system for delisting or flagging add-ins that have remained unupdated for an extended period, indicating potential abandonment.
- Transparency in Impact: Display installation counts to help users and administrators assess the potential impact of a compromised add-in.
This incident serves as a stark reminder that the security of digital ecosystems relies not just on initial vetting, but on continuous vigilance and adaptive monitoring. As supply chain attacks continue to evolve, platforms like Microsoft’s marketplace must evolve their defenses to protect users from threats lurking in trusted channels.
For more details, visit our website.
Source: Link
Leave a comment