CoPhish token-stealing technique abusing Microsoft Copilot Studio agents
Technical Analysis
Summary
Researchers detailed CoPhish, a token-stealing phishing technique that abuses Microsoft Copilot Studio agents and legitimate Microsoft-hosted domains to make OAuth consent lures look trusted. The flow can forward a victim's session token to attacker infrastructure while the user sees a normal chatbot experience. The technique raises risk for organizations that allow broad agent creation or consent approvals in Entra ID.
Related Happenings
Microsoft Teams and Defender for Office 365 add centralized external-user blocking controls
Security Tool/Service
First: 24.12.2025 18:22
Last: 24.12.2025 18:22
Sources 1
About this happening:
**Microsoft Teams** is gaining centralized controls that let security admins block **external users**, suspicious **domains**, and malicious content handling in **Defender for Off...
Microsoft Teams cross-tenant Defender blind spot security flaw
Vulnerability
First: 28.11.2025 10:33
Last: 28.11.2025 10:33
Sources 1
About this happening:
**Microsoft Teams** has a **cross-tenant Defender blind spot** where **guest invitations** can move chats outside an organization’s protection boundary, creating **phishing** and...
Microsoft Teams desktop client rolls out separate calling process and new security controls
Security Tool/Service
First: 25.11.2025 16:24
Last: 25.11.2025 16:24
Sources 1
About this happening:
**Microsoft Teams Desktop Client for Windows** is rolling out **ms-teams_modulehost.exe** in **January 2026**, splitting calling features into a separate process and changing how...
OpenAI ChatGPT indirect prompt injection vulnerabilities GPT-4o/GPT-5 security flaw
Vulnerability
First: 05.11.2025 16:04
Last: 05.11.2025 16:04
Sources 1
About this happening:
**OpenAI's ChatGPT** has a newly disclosed set of **indirect prompt injection** flaws in **GPT-4o and GPT-5** that could let an attacker steal data from **users' memories and chat...
Timeline
- 25.10.2025 19:16 · 1 article · 7mo ago
CoPhish disclosure and Microsoft response
Initial Disclosure: Datadog Security Labs described CoPhish, a phishing technique that abuses Microsoft Copilot Studio agents on copilotstudio.microsoft.com to present fraudulent OAuth consent requests through legitimate Microsoft domains and forward session tokens to attacker infrastructure via a Burp Collaborator URL. Microsoft said it has investigated the issue and plans future product updates for Copilot Studio governance and consent experiences, while recommending reduced administrative privileges, lower application permissions, and closer monitoring of consent and agent-creation activity in Entra ID.
Sources:
- New CoPhish attack steals OAuth tokens via Copilot Studio agents — www.bleepingcomputer.com — 25.10.2025 19:16