- CoPhish uses Copilot Studio agents to phish for OAuth tokens via fake login flows.
- Attackers exploit Microsoft domains to appear legitimate and access sensitive user data.
- Mitigation measures include restricting app consent, enforcing MFA, and monitoring OAuth activity.
Security researchers at Datadog Security Labs are warning of a new phishing technique that uses Microsoft Copilot Studio agents to steal OAuth tokens, allowing attackers to access sensitive information in emails, chats, calendars, and more.
The technique is called CoPhish. Microsoft has described it as a social engineering technique, but it has acknowledged the issue and said it will work to fix it.
Here’s how it works: an attacker can create or share a Copilot Studio agent (called “Subject”), whose user interface includes a “Login” or consent flow. If a victim clicks the button, the flow will request Microsoft Entra/OAuth permissions. By approving the request, the victim essentially hands over the OAuth tokens to the attackers, who can then use them to access mail, chat, calendar, files, and automation features within the victim’s tenant.
Resolution via product updates
This technique is particularly dangerous, Datadog points out, because the agents use legitimate Microsoft domains (copilotstudio.microsoft.com). This, combined with the agent’s user interface, could lead the victim to believe the agent is authentic and let down their guard.
Microsoft acknowledged the potential for abuse and confirmed it would work to address it: “We have investigated this report and are taking steps to address it through future product updates,” a spokesperson said.
“While this technique relies on social engineering, we remain committed to strengthening our governance and consent experiences and are evaluating additional safeguards to help organizations prevent abuse.”
If you are concerned about being targeted in this way, there are immediate mitigation measures that can reduce the risk. These include restricting consent to third-party apps (requiring admin consent), enforcing Conditional Access and MFA, blocking (or scrutinizing) shared and published Copilot Studio agents, monitoring unusual app registrations and granted OAuth tokens, and revoking suspicious tokens and apps.
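For the monitoring step, the following is an added example (not code from the article, Datadog, or Microsoft) that scans consent events for grants covering mail, chat, calendar, or file scopes. It assumes records simplified from the Entra audit log's "Consent to application" entries; the sample events, the scope list, and the helper names `ev`, `granted_scopes`, and `sensitive_consents` are constructed for illustration.

```python
import re
# Scope families for mail, chat, calendar and files (this example's choice).
SENSITIVE = ("Mail.", "Chat.", "Calendars.", "Files.")

def ev(activity, user, app, is_admin="False", perms=""):
    """Build one constructed event, simplified from the audit record shape."""
    return {"activityDisplayName": activity,
            "initiatedBy": {"user": {"userPrincipalName": user}},
            "targetResources": [{"displayName": app, "modifiedProperties": [
                {"displayName": "ConsentContext.IsAdminConsent", "newValue": is_admin},
                {"displayName": "ConsentAction.Permissions", "newValue": perms}]}]}

# Constructed sample data: users, app names and scope strings are invented.
SAMPLE_EVENTS = [
    ev("Consent to application", "alice@contoso.example", "Agent Login Helper",
       perms="[] => [[ConsentType: Principal, Scope: Mail.ReadWrite Calendars.Read openid, ]]"),
    ev("Consent to application", "bob@contoso.example", "Timesheet Viewer",
       perms="[] => [[ConsentType: Principal, Scope: User.Read openid, ]]"),
    ev("Add service principal", "carol@contoso.example", "Agent Login Helper"),
    ev("Consent to application", "admin@contoso.example", "Notes Sync", is_admin="True",
       perms="[] => [[ConsentType: AllPrincipals, Scope: Files.Read.All Chat.Read, ]]"),
]

def granted_scopes(permissions_value):
    """Pull scope names out of every 'Scope: a b c,' fragment."""
    scopes = []
    for match in re.finditer(r"Scope:\s*([^,\]]*)", permissions_value):
        scopes.extend(match.group(1).split())
    return scopes

def sensitive_consents(events):
    """Return one finding per consent event that grants a sensitive scope."""
    findings = []
    for event in events:
        if event.get("activityDisplayName") != "Consent to application":
            continue
        target = (event.get("targetResources") or [{}])[0]
        props = {p["displayName"]: p.get("newValue", "")
                 for p in target.get("modifiedProperties", [])}
        scopes = granted_scopes(props.get("ConsentAction.Permissions", ""))
        hits = sorted(s for s in scopes if s.startswith(SENSITIVE))
        if hits:
            admin = props.get("ConsentContext.IsAdminConsent", "").strip('"').lower() == "true"
            findings.append({"user": event["initiatedBy"]["user"]["userPrincipalName"],
                             "app": target.get("displayName"), "scopes": hits, "admin_consent": admin})
    return findings

if __name__ == "__main__":
    print(*sensitive_consents(SAMPLE_EVENTS), sep="\n")
```

Each finding names the consenting user and the app, which is the information needed to review the grant and revoke it if it is not recognized.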
Via BleepingComputer




