Today's cybersecurity headlines are brought to you by ThreatPerspective


Ethical Hacking News

New CoPhish Attack: OAuth Tokens Stolen via Microsoft Copilot Studio Agents


Researchers have identified a new CoPhish attack that exploits Microsoft Copilot Studio agents to steal OAuth tokens, highlighting the importance of vigilance in protecting sensitive data and applications. Microsoft has taken immediate action to address the vulnerability through future product updates.

  • Microsoft has identified a new phishing technique called "CoPhish" that exploits Copilot Studio agents to deliver fraudulent OAuth consent requests.
  • The CoPhish attack can steal sensitive OAuth tokens from unsuspecting users and organizations, allowing for unauthorized access to data or actions.
  • Microsoft is taking immediate action to address the underlying causes of the vulnerability through future product updates.
  • Researchers recommend limiting administrative privileges, reducing application permissions, and enforcing governance policies to prevent CoPhish attacks.



    Microsoft has recently become aware of a new phishing technique known as "CoPhish" that exploits the flexibility of its popular Copilot Studio agents to deliver fraudulent OAuth consent requests. The attack, which was discovered by researchers at Datadog Security Labs, is designed to steal sensitive OAuth tokens from unsuspecting users and organizations.


    According to Microsoft spokespersons, the company has taken immediate action to address the underlying causes of the vulnerability. "We've investigated this report and are taking action to address it through future product updates," said a spokesperson. "While this technique relies on social engineering, we remain committed to hardening our governance and consent experiences and are evaluating additional safeguards to help organizations prevent misuse."


    The CoPhish attack works by registering malicious multi-tenant apps and pairing them with a Copilot Studio agent whose sign-in topic is configured to send the user to an authentication provider; when the victim signs in and consents, the agent collects the resulting session token. Once the token is obtained, it can be used to access sensitive data or perform unauthorized actions.


    Researchers from Datadog Security Labs have warned that users should limit administrative privileges, reduce application permissions, and enforce governance policies to protect against CoPhish attacks. Additionally, implementing a strong application consent policy, disabling user application creation defaults, and closely monitoring application consent via Entra ID and Copilot Studio agent creation events can also help prevent these types of attacks.
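One way to act on the monitoring advice above, as an added example that is not Datadog's or Microsoft's code: a small triage routine run over Entra ID "Consent to application" audit events, flagging grants to applications outside an approved list, grants of high-risk delegated scopes, grants of offline_access (a refresh token) and admin consents that apply tenant-wide. The record layout is modelled on Microsoft Graph directoryAudits entries (the ConsentContext.IsAdminConsent and ConsentAction.Permissions modified properties); the application IDs, user names, scope lists and the allow-list are constructed for the example and stand in for a tenant's own values.

```python
"""Triage Entra ID 'Consent to application' audit events for consent-phishing
grants of the kind CoPhish produces. Added example: the event shape is modelled
on Microsoft Graph directoryAudits records; every value below is constructed."""
import re
from dataclasses import dataclass, field

# Delegated scopes whose grant to an unfamiliar app most often signals consent
# phishing. Assumption: tune this list to the tenant's own baseline.
HIGH_RISK_SCOPES = {
    "Mail.Read", "Mail.ReadWrite", "Mail.Send", "Files.Read.All",
    "Files.ReadWrite.All", "MailboxSettings.ReadWrite", "Directory.Read.All",
    "User.Read.All", "Sites.Read.All",
}
# offline_access returns a refresh token, so a stolen grant outlives the session.
PERSISTENCE_SCOPES = {"offline_access"}
# Constructed IDs of the tenant's approved applications (the allow-list).
KNOWN_APP_IDS = frozenset({"11111111-2222-4333-8444-555555555555"})


def _consent_event(when, user, app, app_id, scopes, admin=False):
    """Build a constructed audit record in the directoryAudits shape."""
    consent_type = "AllPrincipals" if admin else "Principal"
    return {
        "activityDisplayName": "Consent to application",
        "activityDateTime": when, "result": "success",
        "initiatedBy": {"user": {"userPrincipalName": user}},
        "targetResources": [{"displayName": app, "id": app_id, "modifiedProperties": [
            {"displayName": "ConsentContext.IsAdminConsent",
             "newValue": '"True"' if admin else '"False"'},
            {"displayName": "ConsentAction.Permissions",
             "newValue": '"[] => [[ConsentType: %s, Scope: %s]]"' % (consent_type, scopes)},
        ]}],
    }


# Constructed sample batch: one user consent to an unknown app with mailbox and
# file scopes, one benign consent to an approved app, one tenant-wide admin
# consent to an unknown app, and one unrelated event that must be ignored.
SAMPLE_EVENTS = [
    _consent_event("2025-10-24T09:12:41Z", "alice@contoso.example", "Support Portal Helper",
                   "aaaaaaaa-bbbb-4ccc-8ddd-eeeeeeeeeeee",
                   "openid profile offline_access Mail.Read Files.ReadWrite.All"),
    _consent_event("2025-10-24T09:15:02Z", "bob@contoso.example", "Approved Timesheets",
                   "11111111-2222-4333-8444-555555555555", "openid profile User.Read"),
    _consent_event("2025-10-24T10:03:55Z", "admin@contoso.example", "Directory Sync Tool",
                   "ffffffff-0000-4111-8222-333333333333",
                   "User.Read.All Directory.Read.All", admin=True),
    {"activityDisplayName": "Add service principal", "result": "success",
     "initiatedBy": {"user": {"userPrincipalName": "bob@contoso.example"}},
     "targetResources": [{"displayName": "Approved Timesheets",
                          "id": "11111111-2222-4333-8444-555555555555", "modifiedProperties": []}]},
]


@dataclass
class Finding:
    time: str
    user: str
    app: str
    app_id: str
    scopes: list
    reasons: list = field(default_factory=list)


def _prop(event, name):
    """Return the newValue of a named modifiedProperties entry, unquoted, or None."""
    for target in event.get("targetResources", []):
        for prop in target.get("modifiedProperties", []):
            if prop.get("displayName") == name:
                return (prop.get("newValue") or "").strip('"')
    return None


def parse_scopes(permissions_value):
    """Pull the space-separated scope list out of a ConsentAction.Permissions value."""
    if not permissions_value:
        return []
    match = re.search(r"Scope:\s*([^,\]]*)", permissions_value)
    return match.group(1).split() if match else []


def assess_consent(event, known_app_ids=KNOWN_APP_IDS):
    """Return a Finding for a consent grant worth an analyst's attention, else None."""
    if event.get("activityDisplayName") != "Consent to application" or event.get("result") != "success":
        return None
    target = event["targetResources"][0]
    scopes = parse_scopes(_prop(event, "ConsentAction.Permissions"))
    is_admin = (_prop(event, "ConsentContext.IsAdminConsent") or "").lower() == "true"
    approved = target.get("id") in known_app_ids
    risky = sorted(set(scopes) & HIGH_RISK_SCOPES)
    reasons = []
    if not approved:
        reasons.append("application is not on the approved list")
    if risky:
        reasons.append("high-risk delegated scopes: " + ", ".join(risky))
    if set(scopes) & PERSISTENCE_SCOPES:
        reasons.append("offline_access grants a long-lived refresh token")
    if is_admin:
        reasons.append("admin consent: grant applies to every user in the tenant")
    if approved and not risky and not is_admin:
        return None  # routine consent to an approved app: not worth a ticket
    return Finding(event.get("activityDateTime", ""), event["initiatedBy"]["user"]["userPrincipalName"],
                   target.get("displayName", ""), target.get("id", ""), scopes, reasons)


def triage(events, known_app_ids=KNOWN_APP_IDS):
    """Run assess_consent over a batch of audit events, keeping only findings."""
    return [f for f in (assess_consent(e, known_app_ids) for e in events) if f]


if __name__ == "__main__":
    for f in triage(SAMPLE_EVENTS):
        print(f"{f.time} {f.user} consented to '{f.app}' ({f.app_id})")
        for reason in f.reasons:
            print("   -", reason)
```

Feed `triage` the exported directoryAudits records for a day and route the findings to the SOC queue. An unknown app requesting only openid, profile and User.Read still produces a low-priority finding, which is deliberate: once user consent is restricted by policy, as the researchers recommend, any remaining user-initiated consent event is itself an anomaly worth a look, and the Copilot Studio agent creation events the article mentions can be correlated against the same user and time window.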


    Microsoft's response to the CoPhish attack highlights the importance of vigilance in protecting sensitive data and applications. As the spokesperson's statement quoted above makes clear, the company regards the technique as one that relies on social engineering, and is hardening its governance and consent experiences while evaluating additional safeguards to help organizations prevent misuse.


    The CoPhish attack is a stark reminder of the ongoing threat posed by phishing techniques and the importance of implementing robust security measures to protect against these types of attacks. As Microsoft continues to work on addressing the underlying causes of this vulnerability, it's essential for users and organizations to remain vigilant and take proactive steps to prevent similar attacks in the future.



    Related Information:
  • https://www.ethicalhackingnews.com/articles/New-CoPhish-Attack-OAuth-Tokens-Stolen-via-Microsoft-Copilot-Studio-Agents-ehn.shtml

  • https://www.bleepingcomputer.com/news/security/new-cophish-attack-steals-oauth-tokens-via-copilot-studio-agents/


  • Published: Sat Oct 25 12:13:33 2025 by llama3.2 3B Q4_K_M

    © Ethical Hacking News. All rights reserved.