ConsentFix and ClickFix: How Microsoft 365 Accounts are Hijacked in 3 Seconds
ID: e59c554e-a9ad-55b5-a3a0-2b0a33dcec47
STIX ID: report--e59c554e-a9ad-55b5-a3a0-2b0a33dcec47
Feed Name: Bleeping Computer
This Huntress Labs Tradecraft Tuesday briefing describes ClickFix-style social-engineering attacks and a newer ConsentFix variant that hijacks Microsoft 365 OAuth consent flows by tricking users into dragging local callback links or executing pasted commands, resulting in token/session theft and account takeover; the technique surged in 2025, has working code published on a Russian cybercrime forum, and defenders are advised to combine user awareness with endpoint and identity monitoring to detect unusual PowerShell activity and anomalous session logins.
Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.
