Threat actors are using a new phishing technique called “CoPhish” to gain access to Microsoft Entra ID accounts, say researchers at Datadog Security Labs.
In CoPhish attacks, the threat actors create custom Copilot Studio agents that are hosted on legitimate Microsoft domains. According to Datadog, these malicious agents redirect the user to a malicious OAuth flow, before prompting them to enter their login credentials and authentication code. Attackers can then use this information to gain unauthorized access to applications linked to the victim’s Entra ID account, such as their inbox, calendar, or OneNote. From here, they can exfiltrate data or send further phishing attacks unbeknownst to the victim.
CoPhish attacks are a form of OAuth consent attack, in which threat actors trick users into approving broad access permissions to sensitive data. However, the added layer of wrapping the attack in a cleverly disguised malicious AI agent makes it easier for attackers to bypass user suspicions.
Microsoft has improved its defenses against OAuth attacks in recent years, including imposing restrictions on unverified apps and implementing a default policy that blocks consent for high-risk permissions without admins approval.
However, unprivileged users can still consent to certain permissions for internal applications, and users with certain admin privileges can still content to any permissions on any app.
This means that, while it’s become much harder for attackers to carry out OAuth consent attacks, it isn’t impossible. And with AI agents and chatbots providing attackers with more opportunity to disguise these attacks, it’s critical that IT and security teams maintain oversight over the tools that their end users are utilizing.
“This method highlighted current gaps in Microsoft’s OAuth consent settings and served as a reminder not to trust low-code solutions on Microsoft domains as inherently non-malicious,” Datadog said.
Recommended Mitigation
To protect their users against CoPhish attacks, organizations should enforce robust application consent policies beyond Microsoft’s defaults, restrict users from creating apps, and monitor their Entra ID and Microsoft 365 audit logs for suspicious application consent activities, says Datadog.
The research team also recommends monitoring Copilot Studio events that may indicate malicious activity, such as the creation or modification of agents.
