Reprompt attack let hackers hijack Microsoft Copilot sessions
Key Points:
- Researchers at Varonis identified a "Reprompt" attack method that allows hackers to infiltrate Microsoft Copilot sessions by embedding malicious prompts in legitimate URLs, enabling data exfiltration after a single user click.
- The attack exploits Copilot's acceptance of prompts via the URL 'q' parameter and uses techniques like Parameter-to-Prompt injection, double-request, and chain-request to bypass safeguards and maintain ongoing access.
- Reprompt leverages the victim's authenticated Copilot session, which remains active even after closing the browser tab, allowing continuous and stealthy communication with the attacker's server.
- The instructions for data exfiltration are delivered dynamically from the attacker's server after the initial prompt, making it difficult for client-side security
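
For defenders, the `q` parameter described above is something that can be checked in mail-gateway or proxy logs before a user clicks. The following is an added example, not code from Varonis or Microsoft: it flags Copilot links that carry a prefilled prompt and raises severity when the decoded prompt points at another server. The host list, function names and sample links are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qs, unquote_plus, urlsplit

# Assumption: hostnames treated as Copilot front ends; extend for your tenant.
COPILOT_HOSTS = {"copilot.microsoft.com"}
URL_IN_PROMPT = re.compile(r"https?://[^\s\"'<>]+", re.I)

def _host(url):
    """Lower-cased hostname, or '' when the URL is malformed."""
    try:
        return (urlsplit(url).hostname or "").lower()
    except ValueError:  # e.g. unbalanced IPv6 brackets
        return ""

def fully_decode(value, max_rounds=3):
    """Undo repeated percent-encoding so nested payloads are inspected too."""
    for _ in range(max_rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value

def triage_link(url):
    """Return None if the link has no prefilled Copilot prompt, else a finding."""
    host = _host(url)
    if host not in COPILOT_HOSTS:
        return None
    prompts = parse_qs(urlsplit(url).query).get("q", [])
    if not prompts:
        return None
    prompt = fully_decode(" ".join(prompts))
    # Any other server named in the prompt is where follow-up instructions
    # or collected data could travel, so it drives the severity.
    remote = {_host(u) for u in URL_IN_PROMPT.findall(prompt)}
    remote = sorted(h for h in remote if h and h not in COPILOT_HOSTS)
    return {"host": host, "prompt_chars": len(prompt),
            "remote_hosts": remote, "severity": "high" if remote else "review"}

# Constructed sample links (not taken from the research or a real incident).
SAMPLES = [
    "https://copilot.microsoft.com/",
    "https://copilot.microsoft.com/?q=summarize%20this%20page",
    "https://COPILOT.microsoft.com/?q=fetch%2520https%253A%252F%252Fcollector.example%252Fnext",
    "https://www.example.org/?q=https://collector.example/",
]

if __name__ == "__main__":
    for link in SAMPLES:
        print(triage_link(link), link)
```

A prefilled prompt is not malicious by itself, so the `review` findings are candidates for link rewriting or a user warning rather than outright blocking.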