By Bill Toulas
Publication Date: 2025-12-11 15:10:00
A new variation of the ClickFix attack dubbed ‘ConsentFix’ abuses the Azure CLI OAuth app to hijack Microsoft accounts without the need for a password or to bypass multi-factor authentication (MFA) verifications.
A ClickFix attack is a social engineering technique that attempts to trick users into running commands on their computer to install malware or steal data. They commonly use fake instructions that pretend to fix an error or verify that they are human and not a bot.
This new ConsentFix variant was discovered by cybersecurity firm Push Security, which explains that the ConsentFix technique steals OAuth 2.0 authorization codes that can be used to obtain an Azure CLI access token.
Azure CLI is a Microsoft command-line application that uses an OAuth flow to let users authenticate and manage Azure and Microsoft 365 resources from their local machine. In this campaign, attackers trick victims into completing that Azure CLI OAuth flow and then steal the resulting…
