Modern attacks like ClickFix and ConsentFix succeed by hiding malicious actions inside familiar user workflows, such as fake verification prompts or Microsoft 365 sign-in steps. ConsentFix in particular can steal OAuth session tokens through trusted delivery platforms and lead to account takeover without needing credentials or MFA bypass.
Key points
- ClickFix tricks victims into running attacker-controlled commands through fake prompts.
- ConsentFix targets Microsoft 365 OAuth consent flows and steals session tokens.
- Phishing lures are often delivered through trusted services like Dropbox or DocSend.
- A public Russian cybercrime forum shared a detailed ConsentFix walkthrough and code.
- Defenders should monitor unusual PowerShell activity and unexpected session logins.