Oodaloop
ConsentFix and ClickFix: Rapid Hijacking of Microsoft 365 Accounts
Cybercriminals are exploiting two attack methods, ConsentFix and ClickFix, to hijack Microsoft 365 accounts in as little as three seconds. These attacks leverage users' habitual online behaviors, such as dragging links into browsers and completing OAuth consent flows without scrutiny. The ClickFix method involves fake prompts that execute attacker commands through keyboard shortcuts, while ConsentFix targets OAuth consent screens, tricking users into surrendering OAuth tokens. Victims unknowingly grant session access to their accounts without entering credentials. The attacks have surged since 2025, with attackers utilizing free services for phishing lures and profiling targets before launching their attacks. Awareness and training remain critical, as these techniques exploit familiar workflows.
Key Points:
• ConsentFix and ClickFix attacks can hijack Microsoft 365 accounts in seconds.
• Attackers exploit user habits by inserting fake prompts into normal workflows.
• The techniques have evolved, requiring minimal technical skill to execute.
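Because a ConsentFix victim never types a password, the grant itself is the artifact a defender can hunt for. The triage script below is an added example, not code from the article or from Microsoft: it scans constructed audit records in a simplified Microsoft 365 audit-log shape (the field names and the high-risk scope list are assumptions for this example) and flags user consents that hand an app mailbox access plus a long-lived refresh token, then counts how many users consented to the same app, which is what one phishing lure sent to many recipients looks like.

```python
import json
from collections import Counter

# Delegated scopes that, once consented, let an app act on the mailbox and
# keep a refresh token; this list is an assumption for the example.
HIGH_RISK_SCOPES = {"offline_access", "Mail.Read", "Mail.ReadWrite",
                    "Mail.Send", "Files.ReadWrite.All", "MailboxSettings.ReadWrite"}

# Constructed sample records (one JSON object per line). The field names
# "Operation", "UserId", "ObjectId", "Scopes" and "IsAdminConsent" are
# assumptions for this example, not a documented schema.
SAMPLE_LOG = """
{"CreationTime":"2025-06-01T09:00:01","Operation":"Consent to application.","UserId":"alice@example.com","ObjectId":"Invoice Viewer Pro","Scopes":"openid profile offline_access Mail.ReadWrite Mail.Send","IsAdminConsent":false}
{"CreationTime":"2025-06-01T09:00:04","Operation":"Consent to application.","UserId":"bob@example.com","ObjectId":"Invoice Viewer Pro","Scopes":"openid profile offline_access Mail.ReadWrite Mail.Send","IsAdminConsent":false}
{"CreationTime":"2025-06-01T10:15:00","Operation":"Consent to application.","UserId":"carol@example.com","ObjectId":"Corporate HR Portal","Scopes":"openid profile User.Read","IsAdminConsent":false}
{"CreationTime":"2025-06-01T11:00:00","Operation":"UserLoggedIn","UserId":"dave@example.com","ObjectId":"Unknown"}
"""

def parse_events(text):
    """Parse one JSON record per line, skipping blank lines."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]

def risky_consents(events):
    """Return consent events where a regular user (not an admin) granted at
    least one high-risk delegated scope. Each hit keeps the user, the app and
    the offending scopes so an analyst can revoke the grant and the tokens."""
    hits = []
    for ev in events:
        if ev.get("Operation") != "Consent to application.":
            continue
        if ev.get("IsAdminConsent"):
            continue  # admin consents are reviewed through a separate process
        granted = set(ev.get("Scopes", "").split())
        bad = sorted(granted & HIGH_RISK_SCOPES)
        if bad:
            hits.append({"user": ev["UserId"], "app": ev["ObjectId"], "scopes": bad})
    return hits

def apps_by_consent_count(hits):
    """Count flagged consents per app: one lure sent to many users shows up
    as a single app collecting several consents within minutes."""
    return Counter(h["app"] for h in hits)

if __name__ == "__main__":
    found = risky_consents(parse_events(SAMPLE_LOG))
    for h in found:
        print(f"{h['user']} granted {h['app']}: {', '.join(h['scopes'])}")
    print(apps_by_consent_count(found))
```

Against the constructed sample this flags the two "Invoice Viewer Pro" grants and leaves the low-privilege HR portal consent alone.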