New “CoPhish” Attack Exploits Microsoft Copilot Studio to Steal OAuth Tokens

Oct 27, 2025

Summary

A newly identified phishing technique — dubbed “CoPhish” — is exploiting the legitimate platform Copilot Studio (by Microsoft) to trick users into granting OAuth tokens, thereby enabling attackers to gain persistent access inside corporate environments.

As organizations increasingly adopt AI-driven tools, this attack highlights how threat actors are targeting the orchestration and automation layers, not just end-users’ inboxes.

What’s Happening?

Researchers at Datadog Security Labs have described a novel workflow:

  • An attacker creates a malicious agent inside Copilot Studio that uses the platform’s “demo website” capability. Because the agent is hosted on Microsoft’s domain (e.g., copilotstudio.microsoft.com), it inherits a veneer of legitimacy.

  • The agent’s “Login” topic is configured to redirect users to an OAuth consent screen for a malicious application (internal or external to the target organization). The trick: once the user consents, the attacker receives the OAuth token silently.

  • For example, an admin might log in, permit read/write access for an “application”, and then unknowingly hand control over their session or environment. Because the token appears to come from Microsoft infrastructure, user traffic logs may not reveal the breach.

Why This Is Concerning

At ClearPhish.ai, we flag several red flags:

  • Trusted domain abuse: Since the agent is hosted on Microsoft’s infrastructure, the URL appears authentic. This significantly increases success probability compared to traditional phishing domains.

  • OAuth token theft = open door: Once an attacker acquires valid OAuth tokens, they can access corporate resources without needing credentials and, in many cases, bypass multi-factor protections.

  • Admin targeting potential: Even if regular users are targeted, the bigger risk is compromised administrators — once they give consent, the attacker can move laterally or escalate privileges.

  • Visibility gaps: Because traffic originates from Microsoft IPs, it may not appear suspicious in monitoring tools. Attackers exploit this to hide their activity.

What Organizations Should Do

From the ClearPhish.ai perspective, we recommend immediate action steps to harden your environment against CoPhish-type attacks:

  1. Govern application consent

    • Enforce strict policies around which applications users (especially admins) can authorize.

    • Restrict default user ability to register apps or agents in platforms like Copilot Studio.

    • Maintain an allowlist/denylist of trusted apps, and monitor new app registrations.

  2. Reduce admin exposure

    • Segregate admin accounts from day-to-day usage (principle of least privilege).

    • Monitor consent events and newly created agents, especially those that request high-level permissions.

  3. Visibility & anomaly detection

    • Look for unusual login or consent flows originating from trusted domains — e.g., Microsoft domains being used for unusual redirect behavior.

    • Track OAuth token issuance and usage patterns, especially tokens granted to new or unexpected applications.

  4. User awareness & phishing simulation

    • Train users (and especially admins) to be wary of seemingly benign links hosted on trusted domains: “It’s on Microsoft’s domain, so must be safe” is no longer sufficient.

    • Use simulated campaigns that mimic this tactic (demo-site login prompts via trusted domain) to raise awareness.
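As an added example of the monitoring described in steps 1 to 3 above (this is not code from ClearPhish.ai, Datadog Security Labs or Microsoft), the following Python script scores consent-grant events against an application allowlist, a list of high-privilege delegated scopes, and the consenting user’s directory roles. The log lines are constructed to resemble Entra ID “Consent to application” audit records; the simplified field names (`actor_roles`, `app_age_days`, etc.), the application IDs, the user names and the allowlist are all assumptions rather than the real audit schema or any real tenant’s data.

```python
"""Score OAuth consent-grant events for CoPhish-style abuse indicators.

Added example, not code from ClearPhish.ai, Datadog or Microsoft. The audit
records below are constructed and use simplified, assumed field names; a real
deployment would map them from the tenant's actual audit-log export.
"""
import json
from dataclasses import dataclass, field
from typing import List, Optional

# Tenant-specific allowlist of approved application (client) IDs. Placeholder values.
APPROVED_APP_IDS = {"22222222-bbbb-4ccc-8ddd-000000000002"}

# Delegated scopes that let a token holder act broadly on the user's behalf.
# offline_access matters most: it yields a refresh token, which is what turns a
# one-time consent into persistent access.
HIGH_RISK_SCOPES = {
    "offline_access", "Mail.ReadWrite", "Mail.Send", "Files.ReadWrite.All",
    "Directory.ReadWrite.All", "Directory.AccessAsUser.All",
    "Application.ReadWrite.All",
}

# Directory roles whose consent should always be reviewed (assumed role names).
PRIVILEGED_ROLES = {
    "Global Administrator", "Application Administrator",
    "Cloud Application Administrator", "Privileged Role Administrator",
}

NEW_APP_THRESHOLD_DAYS = 7  # registrations younger than this are suspicious

# Constructed sample audit log: one JSON record per line (hypothetical data).
SAMPLE_AUDIT_LOG = """
{"activity": "Consent to application", "actor": "alice@corp.example", "actor_roles": ["Global Administrator"], "app_name": "Doc Summariser", "app_id": "11111111-aaaa-4bbb-8ccc-000000000001", "scopes": ["User.Read", "Mail.ReadWrite", "offline_access"], "app_age_days": 1}
{"activity": "Consent to application", "actor": "bob@corp.example", "actor_roles": [], "app_name": "Corp Expense Portal", "app_id": "22222222-bbbb-4ccc-8ddd-000000000002", "scopes": ["User.Read"], "app_age_days": 400}
{"activity": "Add application", "actor": "carol@corp.example", "app_name": "Copilot helper", "app_id": "33333333-cccc-4ddd-8eee-000000000003"}
{"activity": "Consent to application", "actor": "carol@corp.example", "actor_roles": [], "app_name": "Copilot helper", "app_id": "33333333-cccc-4ddd-8eee-000000000003", "scopes": ["User.Read", "Files.ReadWrite.All", "offline_access"], "app_age_days": 0}
{"activity": "Consent to application", "actor": "dave@corp.example", "actor_roles": [], "app_name": "Lunch Poll", "app_id": "44444444-dddd-4eee-8fff-000000000004", "scopes": ["User.Read"], "app_age_days": 200}
"""


@dataclass
class Finding:
    actor: str
    app_name: str
    severity: str
    reasons: List[str] = field(default_factory=list)


def evaluate_record(rec: dict) -> Optional[Finding]:
    """Return a Finding for a consent event that trips any rule, else None."""
    if rec.get("activity") != "Consent to application":
        return None  # only consent grants are scored here

    reasons = []
    if rec["app_id"] not in APPROVED_APP_IDS:
        reasons.append("application not on the approved allowlist")

    risky = sorted(set(rec.get("scopes", [])) & HIGH_RISK_SCOPES)
    if risky:
        reasons.append("high-privilege scopes requested: " + ", ".join(risky))

    if rec.get("app_age_days", 0) < NEW_APP_THRESHOLD_DAYS:
        reasons.append("application registered less than a week ago")

    if not reasons:
        return None

    # Severity: an admin granting broad scopes is the worst case the post describes.
    is_admin = bool(set(rec.get("actor_roles", [])) & PRIVILEGED_ROLES)
    if is_admin and risky:
        severity = "high"
    elif is_admin or risky:
        severity = "medium"
    else:
        severity = "low"
    return Finding(rec["actor"], rec["app_name"], severity, reasons)


def evaluate_consents(log_text: str) -> List[Finding]:
    """Parse newline-delimited JSON audit records and return all findings in order."""
    findings = []
    for line in log_text.strip().splitlines():
        line = line.strip()
        if not line:
            continue
        finding = evaluate_record(json.loads(line))
        if finding is not None:
            findings.append(finding)
    return findings


if __name__ == "__main__":
    for f in evaluate_consents(SAMPLE_AUDIT_LOG):
        print(f"[{f.severity.upper()}] {f.actor} consented to '{f.app_name}': "
              + "; ".join(f.reasons))
```

Run against the constructed log, the script flags alice (an administrator granting mail and refresh-token scopes to a day-old, unapproved app) as high, carol as medium, and dave as low for the allowlist miss alone, while bob’s grant to an approved app with a benign scope produces nothing. The “Add application” record is skipped here, but pairing it with the consent that follows within minutes is exactly the correlation step 1 asks for.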

How ClearPhish Helps

At ClearPhish, our human-centric phishing simulation platform is built to model such sophisticated attacks — including those leveraging orchestration tools and trusted domains.

  • Our simulations include story-based micro-modules that replicate phishing workflows like CoPhish.

  • We harness emotional vulnerability index scoring to assess how inclined users are to consent in high-trust scenarios (e.g., “this is Microsoft’s site”).

  • With hyper-realistic simulations, we can help you train your admins and users to spot the subtle cues of agent-based phishing.

Final Thoughts

The emergence of CoPhish signals a pivot in phishing economics: attackers are moving from mass-email campaigns toward trusted-platform abuse, using infrastructure from major cloud providers to cloak their activities.

As organizations adopt more automation and AI-driven tooling, the attack surface expands. Defending modern environments requires not just endpoint protection, but governance, visibility, and human awareness across automation platforms. At ClearPhish, we believe that empowering humans to recognise and resist these next-gen threats is the most effective defence.
