CoPhish Breach Uses Microsoft Copilot to Steal Tokens
A new phishing campaign, dubbed CoPhish, exploits Microsoft Copilot Studio to steal OAuth tokens by mimicking legitimate Microsoft services. The CoPhish breach uses Microsoft Copilot’s customizable AI agents hosted on trusted domains to disguise malicious OAuth consent attacks, increasing the likelihood that users will approve harmful app permissions.
According to Datadog Security Labs, attackers build deceptive chatbots using trial licenses on their own or compromised tenants. These bots prompt users to log in, then exfiltrate tokens through backdoored authentication workflows. The CoPhish breach uses Microsoft Copilot’s interface to request broad Microsoft Graph permissions like Mail.ReadWrite or Calendars.ReadWrite, depending on the target’s role.
The phishing flow directs victims to a familiar-looking page that routes tokens through Microsoft IPs, bypassing detection. Experts recommend disabling user app creation and closely monitoring Entra ID logs. As AI platforms rapidly evolve, organizations must enforce stronger consent policies to counter these emerging threats.
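The recommended Entra ID log monitoring can be expressed as a simple rule: alert when an end user (not an admin) consents to an app that asks for the Graph scopes named above. The following is an added example, not code from the article or from Datadog Security Labs; the audit records are constructed and only approximate the shape of the real "Consent to application" event, and the risky-scope list is an assumption to tune.

```python
import re

# Delegated Graph scopes the article names as requested by CoPhish bots, plus a
# couple more high-impact ones (assumption: adjust to your own risk model).
HIGH_RISK_SCOPES = {"Mail.ReadWrite", "Calendars.ReadWrite", "Mail.Send", "Files.ReadWrite.All"}

# Constructed Entra ID audit records modelled on the "Consent to application"
# event; field names approximate the real schema and all values are invented.
SAMPLE_AUDIT_LOG = [
    {"activityDisplayName": "Consent to application",
     "initiatedBy": {"user": {"userPrincipalName": "alice@example.com"}},
     "targetResources": [{"displayName": "Copilot Helper",
        "modifiedProperties": [
            {"displayName": "ConsentContext.IsAdminConsent", "newValue": "[False]"},
            {"displayName": "ConsentAction.Permissions",
             "newValue": "[] => [[Id: 1, ConsentType: Principal, Scope: Mail.ReadWrite Calendars.ReadWrite]]"}]}]},
    {"activityDisplayName": "Consent to application",
     "initiatedBy": {"user": {"userPrincipalName": "bob@example.com"}},
     "targetResources": [{"displayName": "Expense Viewer",
        "modifiedProperties": [
            {"displayName": "ConsentContext.IsAdminConsent", "newValue": "[False]"},
            {"displayName": "ConsentAction.Permissions",
             "newValue": "[] => [[Id: 2, ConsentType: Principal, Scope: User.Read offline_access]]"}]}]},
    {"activityDisplayName": "Update user",
     "initiatedBy": {"user": {"userPrincipalName": "carol@example.com"}},
     "targetResources": []},
]

def _prop(record, name):
    """Return the newValue of the named modified property, or '' if absent."""
    for res in record.get("targetResources", []):
        for prop in res.get("modifiedProperties", []):
            if prop.get("displayName") == name:
                return prop.get("newValue", "")
    return ""

def consent_scopes(record):
    """Scopes granted by a consent event, e.g. {'Mail.ReadWrite', ...}; empty otherwise."""
    if record.get("activityDisplayName") != "Consent to application":
        return set()
    m = re.search(r"Scope:\s*([^\]]+)", _prop(record, "ConsentAction.Permissions"))
    return set(m.group(1).split()) if m else set()

def flag_risky_consents(records):
    """Return (user, app, risky scopes) for end-user consents granting high-risk scopes."""
    hits = []
    for rec in records:
        risky = consent_scopes(rec) & HIGH_RISK_SCOPES
        admin = "True" in _prop(rec, "ConsentContext.IsAdminConsent")
        if risky and not admin:
            user = rec["initiatedBy"]["user"]["userPrincipalName"]
            app = rec["targetResources"][0]["displayName"]
            hits.append((user, app, sorted(risky)))
    return hits

if __name__ == "__main__":
    for user, app, scopes in flag_risky_consents(SAMPLE_AUDIT_LOG):
        print(f"ALERT: {user} consented to {app!r} with {', '.join(scopes)}")
```

In production the same logic runs over the Entra ID audit log export (or the equivalent SIEM table) and is paired with the consent policy change the article recommends, so end-user consent to these scopes is blocked rather than merely alerted on.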
