Malicious Outlook add-in “AgreeToSteal” hijacked a deleted subdomain.

technadu@infosec.exchange

Malicious Outlook add-in “AgreeToSteal” hijacked a deleted subdomain.

Result:
• 4,000+ accounts compromised
• Fake Microsoft login inside Outlook
• Credit cards + banking data stolen
Manifest validated once. External URL later hijacked.
Architectural gap exposed.

Malicious Outlook Add-In 'AgreeToSteal' Compromises 4,000 Accounts via Subdomain Takeover

A malicious Outlook add-in named 'AgreeToSteal' compromised 4,000 accounts by exploiting abandoned infrastructure in a phishing attack.

TechNadu (www.technadu.com)

#InfoSec #Microsoft365 #Phishing #SaaSSecurity