bleeping-computer · Crawled Jul 5, 2026

ConsentFix and ClickFix: How Microsoft 365 Accounts are Hijacked in 3 Seconds


AI Summary

ConsentFix and ClickFix are social engineering attacks that hijack Microsoft 365 accounts by exploiting user trust in routine workflows. ClickFix tricks users into executing malicious commands through fake verification prompts, while ConsentFix abuses the OAuth consent flow by luring victims into dragging a localhost callback link, which hands their OAuth tokens to the attacker. Both attacks bypass traditional security controls by mimicking legitimate processes and require neither malware nor credential theft. Attackers rely on publicly shared blueprints and common platforms such as Dropbox to distribute the lures.
