ShellCodeX Intelligence Brief
HIGH
Cloud
ConsentFix and ClickFix steal Microsoft 365 tokens via OAuth prompts
Source headline: ConsentFix and ClickFix: How Microsoft 365 Accounts are Hijacked in 3 Seconds
Threat level: High
Signal strength: 75/100
Source confidence: 1 source
Published: 2 hours ago
Intelligence Summary
ConsentFix and ClickFix are social-engineering techniques that hijack Microsoft 365 sessions. The scams use deceptive consent prompts and OAuth flows to trick users into granting token access. Once the attacker gains the authorization, they can impersonate the victim in Microsoft 365. The risk includes mailbox access, document access, and account takeover without needing a typical MFA bypass. Microsoft 365 admins and users should scrutinize consent prompts, review OAuth app permissions, and monitor for suspicious token activity.
Recommended Action
Review affected assets, schedule urgent remediation, and monitor related indicators.
Original reporting
BleepingComputer
ConsentFix and ClickFix: How Microsoft 365 Accounts are Hijacked in 3 Seconds