
"Among their discoveries can be OAuth tokens, which these digital assistants then pass on to malicious parties. Datadog uncovered how agents use Microsoft Copilot Studio to assist in phishing campaigns. Copilot Studio enables a pervasive form of automation. To increase their usability, users can share the workflows of these agents, which are called "topics." The Login topic can be configured in such a way that users are misled."
"What is confusing for end users is that the link is actually an agent with a chatbot function as its interface. Logging in seems like a minor issue, but attackers are able to send victims to a URL that requests the granting of OAuth tokens for Microsoft Entra ID. With this token, actions can also be created that unsuspecting users perform when they grant permission."
Microsoft Copilot Studio allows users to build and share low-code agents whose workflows are called topics. A Login topic can be configured to redirect users to a URL that requests OAuth tokens for Microsoft Entra ID. A malicious agent can harvest those OAuth tokens and then perform actions on behalf of victims, including sending emails and modifying calendars. Because the redirect uses legitimate Microsoft links, the attack is hard for users to distinguish from a normal sign-in. Anyone with a Copilot Studio license or free trial in their own Entra ID tenant can create such a malicious agent, and administrators can still approve permissions for unverified internal or external applications, which is what enables the abuse.
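The defensive angle of the summary above is the consent grant itself: a token only becomes dangerous once someone accepts mail or calendar permissions for an app whose publisher is unverified. The following is an added example, not code from the Techzine article or from Datadog's research, showing a small triage pass over Entra ID "Consent to application" audit records that flags grants to unverified applications requesting the kinds of delegated permissions the attack abuses. The record schema, the `ConsentEvent` class and the sample events are constructed simplifications for illustration, not the real audit-log export format.

```python
from dataclasses import dataclass, field

# Delegated Microsoft Graph scopes that let an app act as the user in mail and
# calendar; offline_access adds a refresh token, so access outlives the session.
HIGH_RISK_SCOPES = {
    "Mail.Send",
    "Mail.ReadWrite",
    "Calendars.ReadWrite",
    "offline_access",
}


@dataclass
class ConsentEvent:
    """Constructed, simplified view of one consent-grant audit record."""
    app_display_name: str
    app_id: str
    publisher_verified: bool
    consent_type: str            # "Principal" (user consent) or "AllPrincipals" (admin consent)
    actor: str                   # account that clicked "Accept"
    scopes: list = field(default_factory=list)


# Constructed sample records (hypothetical app ids and accounts).
SAMPLE_EVENTS = [
    ConsentEvent("Contoso Expense Portal", "app-id-1", True, "Principal",
                 "alice@example.com", ["User.Read"]),
    ConsentEvent("Login", "app-id-2", False, "Principal",
                 "bob@example.com", ["Mail.Send", "Calendars.ReadWrite", "offline_access"]),
    ConsentEvent("Helpdesk Bot", "app-id-3", False, "AllPrincipals",
                 "admin@example.com", ["Mail.ReadWrite"]),
    ConsentEvent("Internal Wiki", "app-id-4", False, "Principal",
                 "carol@example.com", ["User.Read"]),
]


def risk_reasons(ev: ConsentEvent) -> list:
    """Return the reasons a consent grant deserves review (empty list = benign)."""
    reasons = []
    if ev.publisher_verified:
        return reasons            # verified publishers are outside this triage
    risky = sorted(HIGH_RISK_SCOPES & set(ev.scopes))
    if risky:
        reasons.append("unverified publisher granted " + ", ".join(risky))
    if ev.consent_type == "AllPrincipals":
        reasons.append("tenant-wide admin consent to unverified app")
    return reasons


def flag_risky_consents(events) -> list:
    """Collect every event with at least one risk reason, keeping the actor for follow-up."""
    flagged = []
    for ev in events:
        reasons = risk_reasons(ev)
        if reasons:
            flagged.append({
                "app": ev.app_display_name,
                "app_id": ev.app_id,
                "actor": ev.actor,
                "reasons": reasons,
            })
    return flagged


if __name__ == "__main__":
    for hit in flag_risky_consents(SAMPLE_EVENTS):
        print(hit)
```

On the constructed sample the "Login" app (unverified publisher, mail and calendar scopes plus offline_access, accepted by an ordinary user) and the admin-consented "Helpdesk Bot" are flagged; the verified expense portal and the unverified wiki that only asks for `User.Read` are not. In a real tenant the same two conditions map onto user-consent settings (restrict user consent to verified publishers) and admin-consent review.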
Source: Techzine Global