Microsoft Copilot Studio agents exploited to steal tokens, experts warn

Your digital safety is at risk

You click login buttons on trusted websites every day, but a new scam is exploiting that habit. Security researchers have named the technique ‘CoPhish.’

Attackers build or share Copilot Studio agents whose interface triggers fraudulent OAuth consent flows, causing victims to unknowingly grant tokens that allow access to email, calendar, and files.

The attack uses Microsoft’s own Copilot Studio to create fake chatbot interfaces. Because the link is a real Microsoft domain, your brain automatically signals that it’s safe to proceed.

A wolf in sheep’s clothing

Hackers build malicious agents within the completely legitimate Copilot Studio platform. Because the agent pages are hosted on the official copilotstudio.microsoft.com domain, the pages can look genuine, which is exactly what attackers are exploiting.

This gives the scam an undeniable air of legitimacy that is difficult to question. In practice, the page looks legitimate while the underlying flow is a deceptive consent request, a convincing social-engineering setup rather than a defect in the domain itself.

The sneaky login trick

You visit what looks like a helpful AI assistant and see a simple Login button. Clicking it doesn’t just sign you in; it secretly redirects you to a malicious application. This fake app then requests permission to access your sensitive data.

This redirect happens seamlessly in the background, so you may not notice the change. You simply follow the prompts, thinking you are logging into a Microsoft service.

What you’re really approving

A familiar pop-up window asks if you grant the app permissions like reading your email or accessing your calendar. By clicking Accept, you are not logging in but handing over the keys to your digital life. This action grants the hacker a powerful OAuth token.

This token acts like a master key that works without your password. The hacker can now enter your account whenever they want.

Your digital keys have been stolen

This OAuth token allows the scammer to access your private information without needing your login credentials. They can read your personal emails, scan your calendar events, and view your private chat messages. All this happens from a trusted Microsoft domain, making it hard to detect.

The hacker gains persistent access to your account for as long as the token remains valid. This access bypasses security measures like multi-factor authentication.

Why does this feel so real

The scam is convincing because everything from the web address to the login screen looks completely official. Your brain naturally trusts the copilotstudio.microsoft.com URL because you recognize Microsoft’s brand. This psychological trick is designed to lower your guard completely.

The hackers exploit the inherent trust we place in major tech companies. This makes the deception incredibly effective and dangerous.

Hackers automate the theft

The hackers program the fake chatbot to automatically steal your digital token the moment you log in. This stolen token is immediately sent to the attacker’s server without you noticing anything wrong. The entire process is hidden behind a smooth, automated user experience.

This automation allows scammers to steal from many people efficiently. They do not need to manually collect each token.

Who is the main target?

While anyone can be a victim, this scam particularly targets people with special account access, like office administrators. An administrator’s account has higher-level permissions, making it a much more valuable prize for a hacker. Compromising one admin can open many doors inside a company.

These users can consent to broader data permissions, giving attackers greater control. Everyone should be vigilant, but power users must be extra careful.

Microsoft takes action

Microsoft told reporters it investigated the researchers’ report and is working on product updates to harden governance and consent experiences, while noting the attack relies on social engineering rather than a code vulnerability.

Future safeguards will help organizations prevent this kind of misuse. Meanwhile, users should apply immediate mitigations.

Protect yourself now

You can take immediate steps to shield yourself from this threat. Be extremely cautious about clicking Login on any unfamiliar webpage, even if the URL looks real. Always scrutinize the permissions an app requests before you approve them.

Question why a new service needs access to your email or calendar. When in doubt, do not grant consent.

Strengthen your account defenses

For the best protection, enable multi-factor authentication on all your important accounts. This adds a crucial second step to your login process, like a code from your phone. Organizations can restrict third-party app consent to require admin approval.

These layers of security can stop an attacker even if they steal your OAuth token. Proactive defense is your strongest tool.

Be wary of new online tools

This situation reminds us to treat new cloud services with healthy caution. Be extra careful with platforms that let users create and share their own content or bots.

Their great flexibility can sometimes be exploited for malicious purposes. A cool new tool is not always a safe tool. Always consider the source and its potential for abuse.

Your vigilance is key

Your own awareness is the most powerful defense against these advanced scams. If a login prompt seems unnecessary or appears out of context, pause and reconsider.

Trust your instincts and verify the authenticity of the request before proceeding. A moment of hesitation can prevent a major data breach. You are the most important part of your security.

A widespread problem

Security experts warn that this is part of a larger trend of attackers abusing trusted cloud services. Criminals constantly find new ways to use legitimate platforms for their illegal activities. Staying informed about these evolving tactics is your first line of defense.

As technology integrates deeper into our lives, these threats will continue to evolve. Knowledge is your best protection.

The future of online safety

We are using more AI and automated tools, making our digital world more complex. This convenience also demands greater watchfulness in how we interact with technology online.

Your digital safety is a shared responsibility between you and the tech companies. Security is a continuous journey, not a one-time setup. We must all adapt to new threats together.

Want to see what’s new? Check out Hey Copilot. Copilot starts listening as it lands on Windows 11.

You hold the power

Remember, you have the power to protect your online information by staying alert. Think before you click, especially on links and login buttons sent to you unexpectedly.

Your cautious habits are essential for navigating the internet safely every single day. Your proactive behavior is the ultimate key to your digital security. Stay informed and stay safe.

Stay safe while you play. See how you should try Copilot for mobile gaming?

What’s your top tip for staying safe online? Share it in the comments below, and if you found this helpful, give it a like.

Read More From This Brand:

• Microsoft alerts users about new ClickFix threat
• Windows 11 search gets smarter with Copilot AI boost
• Take control of your notes with Microsoft Copilot AI and boost your productivity

Don’t forget to follow us for more exclusive content right here on MSN.

If you liked this story, you’ll LOVE our FREE emails. Join today and be the first to get stories like this one.

This slideshow was made with AI assistance and human editing.