A new phishing technique called "CoPhish" abuses Microsoft Copilot Studio agents, which are hosted on legitimate Microsoft domains, to walk users into OAuth consent flows and steal their session tokens. Microsoft plans to address the issue in future updates, but organizations should tighten their consent and app-monitoring policies now. #CoPhish #MicrosoftCopilotStudio
Key points
- CoPhish uses Microsoft Copilot Studio agents to deliver phishing attacks through OAuth consent requests.
- An attacker can customize the agent's sign-in flow so that it redirects the user to attacker-controlled URLs and captures the resulting session tokens.
- The attack can target both administrators and unprivileged users within an organization.
- Microsoft is working on updates to mitigate these risks, but existing protections are limited.
- Organizations are advised to implement strong application consent policies and monitor app creation activities.
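The last point (monitor app creation and consent activity) can be turned into a concrete detection. The following is an added example, not code from the original post or from any Microsoft or vendor tooling: it correlates Microsoft Entra audit-log style records so that a consent grant to an application registered shortly before the consent, or a grant that includes high-value scopes, raises an alert. The record layout is a simplified version of the Entra audit log (only the fields used here are modelled), the sample events are constructed, and the risky-scope list and the 24-hour window are assumptions to tune for your tenant.

```python
import re
from datetime import datetime, timedelta, timezone

# Hypothetical watch-list of scopes whose grant to an unfamiliar app deserves review.
RISKY_SCOPES = {
    "offline_access", "Mail.Read", "Mail.ReadWrite", "Files.ReadWrite.All",
    "Directory.ReadWrite.All", "Sites.Read.All",
}

# Constructed sample records in a simplified Entra audit-log shape (assumption:
# real exports carry many more fields; only the ones this script reads are modelled).
SAMPLE_EVENTS = [
    {
        "activityDisplayName": "Add application",
        "activityDateTime": "2025-10-20T09:00:00Z",
        "initiatedBy": {"user": {"userPrincipalName": "attacker@contoso.example"}},
        "targetResources": [{"displayName": "Support Bot Login", "modifiedProperties": []}],
    },
    {
        "activityDisplayName": "Consent to application",
        "activityDateTime": "2025-10-20T09:40:00Z",
        "initiatedBy": {"user": {"userPrincipalName": "victim@contoso.example"}},
        "targetResources": [{
            "displayName": "Support Bot Login",
            "modifiedProperties": [
                {"displayName": "ConsentContext.IsAdminConsent", "newValue": "False"},
                {"displayName": "ConsentAction.Permissions",
                 "newValue": "[] => [[ConsentType: Principal, "
                             "Scope: openid profile offline_access Mail.Read User.Read]]"},
            ],
        }],
    },
    {
        "activityDisplayName": "Add application",
        "activityDateTime": "2025-10-01T12:00:00Z",
        "initiatedBy": {"user": {"userPrincipalName": "it-admin@contoso.example"}},
        "targetResources": [{"displayName": "Payroll Portal", "modifiedProperties": []}],
    },
    {
        "activityDisplayName": "Consent to application",
        "activityDateTime": "2025-10-20T10:15:00Z",
        "initiatedBy": {"user": {"userPrincipalName": "employee@contoso.example"}},
        "targetResources": [{
            "displayName": "Payroll Portal",
            "modifiedProperties": [
                {"displayName": "ConsentContext.IsAdminConsent", "newValue": "False"},
                {"displayName": "ConsentAction.Permissions",
                 "newValue": "[] => [[ConsentType: Principal, Scope: openid User.Read]]"},
            ],
        }],
    },
]


def parse_time(value):
    # Audit timestamps are UTC with a trailing Z; make them timezone-aware.
    return datetime.fromisoformat(value.replace("Z", "+00:00")).astimezone(timezone.utc)


def target_name(event):
    return event["targetResources"][0]["displayName"]


def parse_scopes(event):
    # Pull the delegated scope list out of the ConsentAction.Permissions property.
    for prop in event["targetResources"][0].get("modifiedProperties", []):
        if prop.get("displayName") == "ConsentAction.Permissions":
            match = re.search(r"Scope:\s*([^,\]]+)", prop.get("newValue", ""))
            if match:
                return set(match.group(1).split())
    return set()


def find_suspicious_consents(events, window=timedelta(hours=24)):
    """Return alerts for consent grants that look like a CoPhish-style flow:
    consent to an app registered within `window` before the grant, or consent
    that includes any scope in RISKY_SCOPES."""
    created = {}
    for e in events:
        if e["activityDisplayName"] == "Add application":
            created[target_name(e)] = parse_time(e["activityDateTime"])

    alerts = []
    for e in events:
        if e["activityDisplayName"] != "Consent to application":
            continue
        app = target_name(e)
        when = parse_time(e["activityDateTime"])
        risky = parse_scopes(e) & RISKY_SCOPES
        reasons = []
        if risky:
            reasons.append("risky scopes granted: " + ", ".join(sorted(risky)))
        if app in created and timedelta(0) <= when - created[app] <= window:
            age = when - created[app]
            reasons.append(f"app registered only {int(age.total_seconds() // 60)} min before consent")
        if reasons:
            alerts.append({
                "app": app,
                "user": e["initiatedBy"]["user"]["userPrincipalName"],
                "risky_scopes": sorted(risky),
                "reasons": reasons,
            })
    return alerts


if __name__ == "__main__":
    for alert in find_suspicious_consents(SAMPLE_EVENTS):
        print(alert)
```

Run against a real audit export, the same correlation gives a SOC a short list to review instead of every consent event; pairing it with a tenant-wide consent policy that blocks user consent to unverified apps removes most of the noise at the source.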