- CoPhish uses Copilot Studio agents to steal OAuth tokens through fake login flows.
- Attackers exploit Microsoft domains to appear legitimate and access sensitive user data.
- Mitigations include restricting app consent, enforcing MFA, and monitoring OAuth activity.
Security researchers at Datadog Security Labs are warning of a new phishing technique that weaponizes Microsoft Copilot Studio agents to steal OAuth tokens and give attackers access to sensitive information in emails, chats, calendars, and more.
The technique is called CoPhish. Microsoft described it as a social engineering technique, but acknowledged the issue and said it will work to fix it.
Here’s how it works: An attacker can create or share a Copilot Studio agent (called a “Topic”), whose user interface includes a “Login” or consent flow. If a victim clicks the button, the flow will request Microsoft Login/OAuth permissions. By approving the request, the victim essentially hands OAuth tokens to the attackers, who can then use them to access mail, chat, calendar, files, and automation capabilities within the victim’s tenant.
Address through product updates
The technique is particularly dangerous, Datadog stressed, because the agents use legitimate Microsoft domains (copilotstudio.microsoft.com). This, along with the agent’s user interface, could cause the victim to believe in its authenticity and let their guard down.
Microsoft acknowledged the potential for abuse and confirmed it would be working to fix it: “We have investigated this report and are taking steps to address it through future product updates,” a spokesperson said.
“While this technique is based on social engineering, we remain committed to strengthening our governance and consent experiences and are evaluating additional safeguards to help organizations prevent misuse.”
If you are concerned about being attacked in this way, there are immediate mitigation measures that can reduce the risk. These include restricting third-party app consent (requiring admin consent), enforcing conditional access and MFA, blocking (or closely reviewing) shared and published Copilot Studio agents, monitoring for unusual app registrations and granted OAuth tokens, and revoking suspicious tokens and apps.
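The monitoring step above, as an added example that is not from the article, Datadog or Microsoft: a Python check that scans consent events for grants of mail, chat, calendar or file scopes to apps outside an allow list. The records are constructed and simplified from the shape of Entra ID audit log entries; the scope watch list, users and app names are assumptions.

```python
import re

# Delegated Microsoft Graph scopes for the data the article names (mail, chat,
# calendar, files). The watch list is an assumption; tune it per tenant.
SENSITIVE = {"Mail.Read", "Mail.ReadWrite", "Mail.Send", "Chat.Read",
             "Chat.ReadWrite", "Calendars.Read", "Calendars.ReadWrite",
             "Files.Read.All", "Files.ReadWrite.All"}
CONSENT = "Consent to application"

def make_event(activity, user, app, admin, scopes):
    """Build a CONSTRUCTED record, simplified from the shape of an Entra ID
    audit log entry; check the field names against your own export."""
    perms = f"[] => [[ConsentType: Principal, Scope: {scopes}, CreatedDateTime: ]]"
    props = [{"displayName": "ConsentContext.IsAdminConsent", "newValue": str(admin)},
             {"displayName": "ConsentAction.Permissions", "newValue": perms}]
    return {"activityDisplayName": activity, "result": "success",
            "initiatedBy": {"user": {"userPrincipalName": user}},
            "targetResources": [{"displayName": app, "modifiedProperties": props}]}

# Constructed sample data: every user, app name and grant here is made up.
SAMPLE_EVENTS = [
    make_event(CONSENT, "alice@example.com", "Portal Login Helper", False,
               "User.Read Mail.ReadWrite Mail.Send"),
    make_event(CONSENT, "bob@example.com", "Team Planner", False, "openid User.Read"),
    make_event(CONSENT, "carol@example.com", "Approved Archiver", True, "Files.Read.All"),
    make_event("Add service principal", "dave@example.com", "Other App", False, "Mail.Read"),
]

def risky_consents(events, allowed_apps=()):
    """Flag successful consent grants of sensitive scopes to unapproved apps."""
    findings = []
    for ev in events:
        if ev.get("activityDisplayName") != CONSENT or ev.get("result") != "success":
            continue
        user = ev.get("initiatedBy", {}).get("user", {}).get("userPrincipalName")
        for target in ev.get("targetResources", []):
            props = {p.get("displayName"): p.get("newValue") or ""
                     for p in target.get("modifiedProperties", [])}
            grants = re.findall(r"Scope:\s*([^,\]]*)",
                                props.get("ConsentAction.Permissions", ""))
            hits = sorted({s for g in grants for s in g.split()} & SENSITIVE)
            if hits and target.get("displayName") not in allowed_apps:
                admin = props.get("ConsentContext.IsAdminConsent", "").strip('"')
                findings.append({"user": user, "app": target.get("displayName"),
                                 "scopes": hits, "admin_consent": admin.lower() == "true"})
    return findings

if __name__ == "__main__":
    for finding in risky_consents(SAMPLE_EVENTS, allowed_apps={"Approved Archiver"}):
        print(finding)
```

Display names are chosen by whoever registers the app, so a production allow list should key on the application (client) ID rather than the name used here.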
Via BleepingComputer



