ShellCodeX Intelligence Brief
HIGH Cloud

ConsentFix and ClickFix steal Microsoft 365 tokens via OAuth prompts

Source headline: ConsentFix and ClickFix: How Microsoft 365 Accounts are Hijacked in 3 Seconds

Threat level: High
Signal strength: 75/100
Source confidence: 1 source
Published: 2 hours ago

Intelligence Summary

ConsentFix and ClickFix are social-engineering techniques that hijack Microsoft 365 sessions. The scams use deceptive consent prompts and OAuth flows to trick users into granting token access. Once the attacker obtains that authorization, they can impersonate the victim in Microsoft 365. The risk includes mailbox access, document access, and account takeover without needing a typical MFA bypass. Microsoft 365 admins and users should scrutinize consent prompts, review OAuth app permissions, and monitor for suspicious token activity.
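
One way to act on the advice to review OAuth app permissions, as an added example that is not part of the original report: a Python check over a JSON export of delegated permission grants, shaped like the Microsoft Graph `oauth2PermissionGrants` list. The sample data, the risky-scope list and the approved-client list are constructed assumptions.

```python
import json

# Assumption: delegated scopes treated as high-risk for this review; adjust to policy.
RISKY_SCOPES = {"Mail.Read", "Mail.ReadWrite", "Mail.Send", "Files.Read.All",
                "Files.ReadWrite.All", "Sites.Read.All", "offline_access"}

# Constructed sample shaped like a Microsoft Graph oauth2PermissionGrants list;
# every id below is a placeholder, not real tenant data.
SAMPLE_EXPORT = json.dumps({"value": [
    {"id": "grant-1", "clientId": "sp-known-crm", "consentType": "AllPrincipals",
     "principalId": None, "resourceId": "sp-graph", "scope": "User.Read openid profile"},
    {"id": "grant-2", "clientId": "sp-unknown-app", "consentType": "Principal",
     "principalId": "user-alice", "resourceId": "sp-graph",
     "scope": "Mail.Read Files.ReadWrite.All offline_access"},
    {"id": "grant-3", "clientId": "sp-unknown-app", "consentType": "Principal",
     "principalId": "user-bob", "resourceId": "sp-graph", "scope": " User.Read "},
    {"id": "grant-4", "clientId": "sp-known-crm", "consentType": "AllPrincipals",
     "principalId": None, "resourceId": "sp-graph", "scope": "Mail.Send"},
]})

def review_grants(export_json, approved_clients=frozenset()):
    """Return findings for delegated grants that carry risky scopes.

    A grant is reported when it includes a risky scope and its client is not on
    the approved list. Grants scoped to one user (consentType == "Principal"),
    which is what a user accepting a consent prompt produces, are marked.
    """
    findings = []
    for grant in json.loads(export_json).get("value", []):
        scopes = set((grant.get("scope") or "").split())
        risky = sorted(scopes & RISKY_SCOPES)
        if not risky or grant.get("clientId") in approved_clients:
            continue
        findings.append({
            "grant": grant.get("id"),
            "client": grant.get("clientId"),
            "user": grant.get("principalId"),
            "user_consented": grant.get("consentType") == "Principal",
            "risky_scopes": risky,
        })
    # Per-user grants first, then by number of risky scopes.
    findings.sort(key=lambda f: (not f["user_consented"], -len(f["risky_scopes"])))
    return findings

if __name__ == "__main__":
    for f in review_grants(SAMPLE_EXPORT, approved_clients={"sp-known-crm"}):
        print(f)
```

Each finding names the client, the user and the risky scopes, so the grant can be compared against the apps the tenant actually expects and revoked if it is not one of them.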

Recommended Action

Review affected assets, schedule urgent remediation, and monitor related indicators.

Topics

#microsoft-365 #oauth #token-theft #account-hijacking #consent-phishing #mfa-bypass
Original reporting: BleepingComputer, "ConsentFix and ClickFix: How Microsoft 365 Accounts are Hijacked in 3 Seconds"