CoPhish: Copilot Studio Agents Used to Steal OAuth Tokens via Trusted Microsoft Domains
CoPhish: Copilot Studio Agents Used to Steal OAuth Tokens via Trusted Microsoft Domains Overview Security researchers have identified a new phishing technique named “CoPhish” that leverages Microsoft Copilot Studio agents to deliver fraudulent OAuth consent prompts via legitimate Microsoft domains. The campaign uses the trust provided by Microsoft-owned infrastructure to present users with what appear…