ConsentFix and ClickFix: How Microsoft 365 Accounts are Hijacked in 3 Seconds

Modern attacks such as ClickFix and ConsentFix succeed by hiding malicious actions inside familiar user workflows, for example fake verification prompts or Microsoft 365 sign-in steps. ConsentFix in particular can steal OAuth session tokens, with its lures delivered through trusted platforms, and lead to account takeover without any credentials or MFA bypass.

Key points

  • ClickFix tricks victims into running attacker-controlled commands through fake prompts.
  • ConsentFix targets Microsoft 365 OAuth consent flows and steals session tokens.
  • Phishing lures are often delivered through trusted services like Dropbox or DocSend.
  • A public Russian cybercrime forum shared a detailed ConsentFix walkthrough and code.
  • Defenders should monitor unusual PowerShell activity and unexpected session logins.
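One way to implement the PowerShell monitoring the last point recommends, as an added example that is not code from the article or from any vendor tool: it scans constructed process-creation events for the ClickFix launch pattern, namely PowerShell spawned from explorer.exe (as happens when a user pastes a command into the Run dialog) together with hidden-window, encoded-command or policy-bypass switches. The key=value log format and the specific indicator switches are assumptions, not details taken from this page.

```python
import re

# Constructed Sysmon-style process-creation events (not from the page). The third line models a
# ClickFix launch: explorer.exe spawns a hidden, policy-bypassing, encoded PowerShell command.
SAMPLE_EVENTS = [
    'ParentImage=C:\\Windows\\explorer.exe Image=C:\\Windows\\System32\\notepad.exe CommandLine="notepad.exe"',
    'ParentImage=C:\\Windows\\System32\\cmd.exe Image=C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe '
    'CommandLine="powershell.exe -File C:\\scripts\\backup.ps1"',
    'ParentImage=C:\\Windows\\explorer.exe Image=C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe '
    'CommandLine="powershell.exe -w hidden -ep bypass -EncodedCommand SQBFAFgA"',
]

POWERSHELL = {"powershell.exe", "pwsh.exe"}
# Assumed indicator switches (valid PowerShell parameter abbreviations), not taken from the page.
HIDDEN_SWITCHES = {"-w", "-win", "-windowstyle"}
ENCODED_SWITCHES = {"-e", "-ec", "-enc", "-encodedcommand"}
POLICY_SWITCHES = {"-ep", "-ex", "-executionpolicy"}
FETCH_KEYWORDS = {"invoke-webrequest", "iwr", "downloadstring", "invoke-expression", "iex"}


def parse_event(line):
    """Split a key=value event line into a dict; quoted values may contain spaces."""
    return {k: v.strip('"') for k, v in re.findall(r'(\w+)=("[^"]*"|\S+)', line)}


def basename(path):
    return path.rsplit("\\", 1)[-1].lower()


def assess(line):
    """Return the list of suspicious traits seen in one PowerShell process-creation event."""
    ev = parse_event(line)
    if basename(ev.get("Image", "")) not in POWERSHELL:
        return []  # only PowerShell launches are in scope here
    tokens = ev.get("CommandLine", "").lower().split()
    reasons = []
    if basename(ev.get("ParentImage", "")) == "explorer.exe":
        reasons.append("launched from explorer.exe (Run dialog / pasted command)")
    for i, tok in enumerate(tokens):
        nxt = tokens[i + 1] if i + 1 < len(tokens) else ""
        if tok in HIDDEN_SWITCHES and nxt.startswith("h"):  # -WindowStyle Hidden
            reasons.append("hidden window")
        elif tok in ENCODED_SWITCHES:
            reasons.append("encoded command")
        elif tok in POLICY_SWITCHES and nxt == "bypass":
            reasons.append("execution policy bypass")
        elif tok.strip("();&|'\"") in FETCH_KEYWORDS:
            reasons.append("remote fetch/eval keyword")
    return reasons


def find_clickfix_candidates(events):
    """Indices of events with at least two traits, e.g. explorer.exe parent plus one odd switch."""
    return [i for i, line in enumerate(events) if len(assess(line)) >= 2]
```

Tune the two-trait threshold to your environment; an encoded command alone is common in legitimate automation, but one launched from explorer.exe with a hidden window is far less so.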

Read More: https://www.bleepingcomputer.com/news/security/consentfix-and-clickfix-how-microsoft-365-accounts-are-hijacked-in-3-seconds/