Cybersecurity experts have identified what is believed to be the first malicious add-in for Microsoft Outlook, raising concerns over supply chain vulnerabilities. According to Koi Security, an unidentified attacker took control of a domain linked to a discontinued legitimate add-in, using it to orchestrate a phishing operation that compromised over 4,000 user credentials. This incident has been labeled AgreeToSteal by the security firm.
Details of the AgreeTo Add-In Exploit
The add-in implicated in this attack is known as AgreeTo, designed to integrate various calendars into a single platform for users. Despite being last updated in December 2022, the add-in became the target of a sophisticated phishing campaign. Idan Dardikman, co-founder and CTO of Koi Security, explained that this event marks an evolution in supply chain attack strategies.
This attack mirrors previous vulnerabilities seen in browser extensions and npm packages, where trusted distribution channels are exploited. Office add-ins, however, present unique challenges due to their integration with Outlook, where sensitive data is often handled. Such add-ins are distributed through Microsoft’s marketplace, which implies a certain level of trust from users.
Mechanics of the Attack
The attack capitalizes on the operational framework of Office add-ins and the lack of ongoing monitoring for content changes. Microsoft requires add-in developers to submit their solutions for approval through the Partner Center. However, there is no mechanism to check the dynamic content served by the add-in post-approval.
In the AgreeTo case, the attacker exploited an expired domain link within the add-in’s manifest file, directing it to a Vercel-hosted URL that was no longer managed by the original developer. This oversight allowed the attacker to deploy a phishing kit that mimicked Microsoft’s sign-in page, capturing users’ login details and transmitting them via the Telegram Bot API.
Security Implications and Recommendations
The AgreeTo incident underscores the potential for even greater threats, given that the add-in was configured with permissions that could allow email access and modification. Such vulnerabilities stress the need for robust security checks and ongoing monitoring of add-in content.
Koi Security suggests several measures Microsoft could implement to mitigate these risks, including re-evaluating add-ins when their linked URLs change, verifying domain ownership, and flagging add-ins with prolonged inactivity. Additionally, displaying installation counts could help assess the impact of such tools.
This issue is not isolated to Microsoft’s platforms. Other marketplaces, such as the VS Code Marketplace, are also reevaluating their security protocols to prevent similar vulnerabilities. The fundamental problem lies in the approval process that does not account for subsequent content changes, a challenge that extends across various platforms hosting dynamic dependencies.
