- CoPhish uses Copilot Studio agents to phish OAuth tokens via fake login flows
- Attackers exploit Microsoft domains to appear legitimate and gain access to sensitive user data
- Remediation includes limiting app consent, enforcing MFA, and monitoring OAuth activity
Security researchers from Datadog Security Labs are warning of a new phishing technique that weaponizes Microsoft Copilot Studio agents to steal OAuth tokens and gives attackers access to sensitive information in emails, chats, calendars and more.
The technique is called CoPhish, and while Microsoft confirmed it is a social engineering technique, it acknowledged it and said it will work to fix it.
How it works: An attacker can build or share a Copilot Studio agent (called a “Topic”) whose user interface includes a “Login” or consent flow. If a victim clicks the button, the flow will request Microsoft Entra/OAuth permissions. By approving the request, the victim essentially hands over OAuth tokens to attackers, who can then use them to access mail, chat, calendar, files, and automation functions inside the victim’s tenant.
Addressing through product updates
The technique is particularly dangerous, Datadog stressed, because the agents use legitimate Microsoft domains (copilotstudio.microsoft.com). This, along with the agent’s user interface, could make the victim believe its authenticity and lower their guard.
Microsoft has acknowledged the potential for abuse and confirmed it would work to address it: “We have investigated this report and are taking steps to address it through future product updates,” a spokesperson said.
“While this technique relies on social engineering, we remain committed to hardening our governance and consent experiences and are evaluating additional security measures to help organizations prevent abuse.”
If you are concerned about being targeted in this way, there are immediate restrictions in place that can reduce the risk. It includes limiting third-party app consent (requires administrator consent), enforcing Conditional Access and MFA, blocking (or scrutinizing) Copilot Studio’s shared and published agents, monitoring unusual app registrations and allocated OAuth tokens, and revoking suspicious tokens and apps.
Via Bleeping Computer
Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews and opinions in your feeds. Be sure to click the Follow button!
And of course you can too follow TechRadar on TikTok for news, reviews, video unboxings, and get regular updates from us on WhatsApp also.
The best antivirus for all budgets
