Introducing ConsentFix: The New Phishing Threat
Security researchers at Push Security have identified a sophisticated new phishing technique that bypasses traditional authentication safeguards entirely. Dubbed ConsentFix, this attack represents what the researchers describe as "a dangerous evolution of ClickFix and consent phishing that is incredibly hard for traditional security tools to detect and block."
Unlike conventional phishing campaigns that attempt to steal passwords or intercept multi-factor authentication codes, ConsentFix targets something far more valuable: OAuth authentication tokens for Microsoft accounts. By capturing these tokens, attackers gain complete control over victim accounts without ever triggering password prompts or MFA challenges.
"At this point, the attacker has effective control of the victim's Microsoft account, but without ever needing to phish a password, or pass an MFA check. In fact, if the user was already logged in to their Microsoft account, no login is required at all." — Push Security
The attack chain begins when victims encounter a legitimate but compromised website through a standard Google search. This initial vector completely sidesteps email-based anti-phishing controls that many organizations rely upon as their primary defense layer.
Upon visiting the compromised site, victims encounter a fake Cloudflare CAPTCHA-like verification page. The page requests a business email address under the guise of human verification—an unusual request that should immediately raise suspicion but often does not.
The attack sequence proceeds through several deceptive steps:
- A fake verification page prompts for business email address entry
- A legitimate-looking Microsoft login page appears containing an OAuth token URL
- Victims are instructed to copy and paste the URL as additional "verification"
- The captured URL grants attackers access via Azure CLI (Azure Command Line Interface)
What makes ConsentFix particularly dangerous is its execution environment. The entire attack occurs within the browser, never touching the endpoint. This architectural choice eliminates one of the primary detection opportunities that security teams typically rely upon for identifying malicious activity.
Roger Grimes, data-driven defense CISO advisor at KnowBe4, called ConsentFix "an incredibly new, innovative attack method," noting that classifying it merely as a ClickFix subvariant undersells its sophistication. The technique exploits the implicit trust users place in Microsoft's authentication infrastructure.
Christopher Kayser, social engineering expert and president of Cybercrime Analytics, identified two psychological manipulation tactics at the attack's core: obedience (following instructions to copy and paste) and trust (recognizing familiar Microsoft branding). These tactics exploit fundamental human tendencies that technical controls cannot fully address.
The targeting of Azure CLI as a first-party Microsoft application proves strategically significant. Many security controls designed for third-party application integrations simply do not apply to first-party tools. Additionally, phishing-resistant authentication methods like passkeys provide no protection since the attack requires no actual login process.
Avivah Litan, lead analyst for AI trust, risk and security management at Gartner, emphasized that ConsentFix exposes critical vulnerabilities in how organizations manage OAuth permissions. Legacy OAuth scopes within Microsoft Entra ID grant broad access without modern security controls or monitoring, creating blind spots that attackers actively exploit.
The ConsentFix Attack Chain
The ConsentFix attack chain begins when victims encounter a legitimate but compromised website through standard Google search results. This initial vector completely bypasses email-based anti-phishing controls that organizations typically rely upon for protection. The compromised site appears trustworthy because it genuinely existed before threat actors injected their malicious payload.
Upon visiting the compromised page, victims encounter what appears to be a Cloudflare CAPTCHA verification screen. This fake verification prompt requests the victim's business email address to "prove they're human." The use of Cloudflare branding exploits widespread familiarity with legitimate bot-detection services that users encounter daily across the web.
After submitting the email address, the attack chain advances to its most deceptive phase. A genuine Microsoft login page appears, complete with a legitimate URL structure based on the victim's email domain. This URL contains an OAuth token that would normally grant authorized applications access to Microsoft services.
The critical social engineering moment occurs when victims receive instructions to copy and paste this URL into a designated field—again framed as human verification. This request exploits two psychological triggers that threat actors consistently leverage:
- Obedience conditioning: Users follow instructions from perceived authority figures or trusted platforms
- Implicit trust: The presence of legitimate Microsoft branding creates false confidence in the process
- Verification fatigue: Repeated CAPTCHA and authentication prompts have normalized unusual verification requests
Once the victim pastes the URL, threat actors capture the embedded OAuth token. This token grants access through Azure CLI (Command Line Interface), a first-party Microsoft application. The attack's effectiveness stems from targeting this native Microsoft tool rather than third-party applications, which would face stricter consent controls and monitoring.
The browser-based execution model represents a significant tactical advantage. Traditional ClickFix attacks require victims to execute commands on their local endpoints, creating detection opportunities through endpoint security tools. ConsentFix operates entirely within the browser environment, leaving no traces on the victim's device for security software to identify.
Christopher Kayser, president of Cybercrime Analytics, emphasizes that effective security awareness training should help employees recognize suspicious patterns. Legitimate services never require users to copy and paste URLs as proof of humanity, nor do they request business email addresses for CAPTCHA verification.
The attack's reconnaissance capabilities extend beyond initial account compromise. According to Avivah Litan of Gartner, attackers exploit legacy OAuth scopes within Microsoft Entra ID to enumerate directory data systematically. This allows threat actors to map user accounts, groups, and organizational structures without triggering alerts associated with modern permission sets.
Roger Grimes of KnowBe4 notes that while the attack method appears innovative, the unusual request to copy lengthy URL strings may limit its success rate. However, the continued use of this technique suggests sufficient victims fall for the scheme to justify ongoing campaigns. Organizations should educate staff about the proliferation of fake Cloudflare verification pages, which Grimes describes as "the fake antivirus screen of today's world."
The attack's detection evasion extends to post-compromise investigation. Advanced techniques employed by threat actors make forensic analysis challenging, meaning many successful ConsentFix attacks likely remain unidentified within victim organizations.
Analyzing the Azure CLI Malware
The ConsentFix attack's exploitation of Azure CLI represents a sophisticated abuse of Microsoft's legitimate command-line interface tool rather than traditional malware deployment. Azure CLI serves as a cross-platform tool enabling administrators to manage Azure resources, subscriptions, and identity configurations directly from terminal environments.
When attackers capture the OAuth token through the deceptive URL copy-paste mechanism, they gain access through Azure CLI's authentication framework. This first-party application status creates a significant blind spot in organizational security architectures because it operates with implicit trust within Microsoft's ecosystem.
The captured OAuth token grants attackers access to Azure's command-line interface capabilities, which include:
- Enumeration of directory objects including user accounts, groups, and organizational units within Microsoft Entra ID
- Access to email, files, and collaborative workspaces associated with the compromised Microsoft account
- Potential lateral movement to connected Azure resources and cloud infrastructure
- Reconnaissance capabilities for identifying high-value targets within the organization
Avivah Litan, lead analyst for AI trust, risk and security management at Gartner, highlighted a critical vulnerability in this attack vector. Legacy OAuth scopes within Microsoft Entra ID grant broad access permissions that predate modern security controls and monitoring capabilities.
"Attackers exploit these legacy scopes to enumerate directory data, meaning they can systematically retrieve and map out user accounts, groups, and other directory objects within the organization. This reconnaissance enables attackers to identify high-value targets and plan further attacks, all without triggering alerts that would be associated with newer, more tightly controlled permissions."
The technical sophistication lies not in malicious code execution but in permission abuse. Because Azure CLI is a Microsoft-developed tool, security solutions designed to flag suspicious third-party application integrations fail to identify the threat. The attack operates entirely within sanctioned Microsoft infrastructure.
Push Security researchers emphasized that targeting a first-party application like Azure CLI means many mitigating controls available for third-party app integrations simply do not apply. Organizations cannot restrict or block Azure CLI access without potentially disrupting legitimate administrative operations.
The cloud environment impact extends beyond individual account compromise. Once attackers establish a foothold through Azure CLI, they can potentially access:
- Azure Active Directory configurations and identity management settings
- Connected SaaS applications through single sign-on relationships
- Shared resources and collaborative environments accessible to the compromised user
- Organizational hierarchy data useful for business email compromise campaigns
Detection proves exceptionally difficult because the attack generates activity patterns indistinguishable from legitimate Azure CLI usage. Security teams monitoring for anomalous behavior face the challenge of differentiating between authorized administrative actions and attacker reconnaissance.
The session hijacking aspect compounds the threat significantly. If victims maintain active Microsoft sessions—common in enterprise environments where users remain logged in throughout workdays—no authentication event occurs at all. Attackers inherit existing session privileges without generating login telemetry that security operations centers typically monitor.
Following the CISA Layered Defense Model, organizations must implement browser-based security controls capable of detecting suspicious OAuth consent flows. Traditional endpoint detection and response solutions monitoring for malicious executables or suspicious process behavior will not identify this attack because no malware touches the endpoint.
The attack's architecture exploits the fundamental trust relationship between users and Microsoft's authentication infrastructure. Security teams must recognize that first-party application abuse represents an emerging threat category requiring dedicated monitoring strategies and consent governance frameworks beyond traditional malware detection approaches.
Defending Against ConsentFix Phishing
Mitigating the ConsentFix threat requires organizations to address fundamental weaknesses in OAuth governance and browser-based security controls. Following the CISA Layered Defense Model, security teams should implement overlapping protections that account for this attack's unique ability to bypass traditional endpoint and email security measures.
Legacy OAuth scope remediation represents the most critical defensive priority. Avivah Litan, lead analyst for AI trust, risk and security management at Gartner, emphasizes that older permission sets within Microsoft Entra ID grant broad access without modern security controls or monitoring. Organizations should audit existing OAuth configurations and restrict legacy scopes that enable directory enumeration.
- Review and disable unnecessary Azure CLI permissions for standard user accounts
- Implement conditional access policies that restrict first-party application authentication to managed devices
- Configure Microsoft Entra ID to require admin consent for applications requesting directory read permissions
- Enable logging for all OAuth token grants and establish baseline behavioral patterns
Browser-based security controls provide essential visibility into attacks that never touch endpoints. Since ConsentFix operates entirely within browser sessions, traditional endpoint detection and response tools remain blind to the compromise. Security teams should deploy browser isolation technologies and URL inspection capabilities that can identify suspicious authentication flows.
Consent governance policies require immediate strengthening across enterprise environments. Litan notes that tightening consent processes for all applications substantially reduces unauthorized access risk. Organizations should implement workflows requiring security team approval before any application receives OAuth tokens with elevated permissions.
Real-time session monitoring enables detection of anomalous authentication patterns that indicate token theft. Security operations centers should configure alerts for Azure CLI authentication events originating from unexpected geographic locations or occurring outside normal business hours. Token usage patterns that deviate from established baselines warrant immediate investigation.
"By addressing these foundational issues — specifically, by limiting the use of legacy OAuth scopes, tightening consent processes for all applications, and deploying browser-based security — enterprises can substantially reduce the risk of unauthorized access resulting from OAuth consent abuse."
Security awareness training reformation addresses the human element that ConsentFix exploits. Christopher Kayser, social engineering expert and president of Cybercrime Analytics, points to research showing employees who completed cybersecurity awareness courses at a California hospital were equally likely to fall for phishing as untrained colleagues over an eight-month study period.
Training programs should abandon technical jargon in favor of practical recognition skills. Employees need to understand that legitimate verification systems never request business email addresses to prove humanity, and authentic CAPTCHA implementations never ask users to copy and paste URLs. Kayser maintains that explaining attack mechanics in accessible terms creates lasting behavioral change.
- Demonstrate what legitimate Cloudflare verification pages look like versus fraudulent imitations
- Train employees to recognize that URL copy-paste requests are inherently suspicious regardless of context
- Establish clear reporting channels for employees who encounter unusual authentication requests
- Conduct simulated ConsentFix-style exercises to measure recognition capabilities
Detection capabilities must account for the attack's advanced evasion techniques. Push Security researchers note these attacks frequently go undetected due to sophisticated anti-forensics measures. Security teams should implement Microsoft Entra ID sign-in log analysis focusing on Azure CLI authentication events that lack corresponding interactive login activity.
Organizations should also monitor for directory enumeration activity following new OAuth grants. Attackers use captured tokens to systematically map user accounts, groups, and directory objects to identify high-value targets. Unusual query patterns against directory services immediately following token issuance indicate potential compromise requiring incident response activation.
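The two detection ideas above, as an added example that is not from the article or from Push Security: it runs over constructed sign-in and directory-activity records with simplified field names (an assumption, not the real Entra ID log schema) and flags non-interactive Azure CLI sign-ins that have no preceding interactive sign-in by the same user, then counts directory reads in the hour after each flagged event.

```python
"""Detection logic for ConsentFix-style token abuse (constructed example, simplified log fields)."""
from datetime import datetime, timedelta

# Constructed sign-in records. Real Entra ID sign-in logs use different field names;
# "interactive" here stands in for the interactive vs. non-interactive sign-in log split.
SIGN_INS = [
    {"time": "2024-01-10T08:30:00", "user": "bob@example.com", "app": "Microsoft Office", "interactive": True},
    {"time": "2024-01-10T08:40:00", "user": "bob@example.com", "app": "Azure CLI", "interactive": False},
    # alice has an Azure CLI sign-in with no interactive login at all: the ConsentFix pattern
    {"time": "2024-01-10T09:00:00", "user": "alice@example.com", "app": "Azure CLI", "interactive": False},
]

# Constructed directory-read activity (what enumeration via legacy scopes would look like).
DIRECTORY_READS = [
    {"time": "2024-01-10T09:00:00", "user": "bob@example.com", "operation": "List users"},
    {"time": "2024-01-10T09:05:00", "user": "alice@example.com", "operation": "List users"},
    {"time": "2024-01-10T09:06:00", "user": "alice@example.com", "operation": "List groups"},
    {"time": "2024-01-10T09:07:00", "user": "alice@example.com", "operation": "List servicePrincipals"},
]


def parse(ts: str) -> datetime:
    return datetime.fromisoformat(ts)


def azure_cli_without_interactive(sign_ins, window=timedelta(hours=8)):
    """Return non-interactive Azure CLI sign-ins with no interactive sign-in by the same
    user in the preceding window. A stolen token is used without any login event,
    so the CLI session appears without the interactive sign-in that normally precedes it."""
    flagged = []
    for ev in sign_ins:
        if ev["app"] != "Azure CLI" or ev["interactive"]:
            continue
        t = parse(ev["time"])
        has_interactive = any(
            o["user"] == ev["user"] and o["interactive"] and t - window <= parse(o["time"]) <= t
            for o in sign_ins
        )
        if not has_interactive:
            flagged.append(ev)
    return flagged


def enumeration_after_grant(flagged, reads, window=timedelta(hours=1), threshold=3):
    """For each flagged sign-in, count directory read operations by that user within the
    following window; at or above the threshold, report (user, count) for triage."""
    hits = []
    for ev in flagged:
        t = parse(ev["time"])
        n = sum(1 for r in reads if r["user"] == ev["user"] and t <= parse(r["time"]) <= t + window)
        if n >= threshold:
            hits.append((ev["user"], n))
    return hits


if __name__ == "__main__":
    suspicious = azure_cli_without_interactive(SIGN_INS)
    for user, count in enumeration_after_grant(suspicious, DIRECTORY_READS):
        print(f"ALERT: {user} used Azure CLI without an interactive login and issued {count} directory reads")
```

The thresholds and window sizes are constructed starting points; tune them against the baseline of legitimate Azure CLI use in your own tenant.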
The Evolving Landscape of Phishing Attacks
The emergence of ConsentFix signals a fundamental shift in how threat actors approach credential theft and account takeover operations. Traditional phishing campaigns relied on deceptive emails containing malicious links or attachments, creating predictable patterns that security tools learned to identify. Modern attacks increasingly leverage legitimate infrastructure and trusted platforms to circumvent these established defenses.
Browser-based attack execution represents one of the most significant tactical evolutions in recent phishing campaigns. By confining malicious activity entirely within the browser environment, attackers eliminate endpoint detection opportunities that security teams have historically relied upon. This approach exploits the implicit trust organizations place in web-based workflows and cloud authentication mechanisms.
The weaponization of familiar verification interfaces demonstrates sophisticated understanding of user psychology. Cloudflare CAPTCHA screens have become so ubiquitous that users interact with them reflexively, rarely questioning their legitimacy. Roger Grimes, data-driven defense CISO advisor at KnowBe4, observes that "the Cloudflare CAPTCHA check has become the fake antivirus screen of today's world"—a reference to the deceptive security warnings that plagued users in previous decades.
Search engine poisoning as an initial access vector presents particular challenges for security architectures designed around email-centric threat models. When compromised websites appear in legitimate Google search results, organizations lose visibility into the attack's origin point. This technique bypasses:
- Email gateway scanning and filtering controls
- Link analysis and URL reputation services
- Attachment sandboxing and detonation
- Sender authentication protocols like DMARC and DKIM
The psychological manipulation underlying these attacks exploits what Christopher Kayser, social engineering expert and president of Cybercrime Analytics, identifies as two fundamental human tendencies: obedience to instructions and trust in familiar interfaces. When users encounter what appears to be a Microsoft login page, cognitive shortcuts override critical evaluation of the request's legitimacy.
Evidence suggests current security awareness programs fail to address these behavioral vulnerabilities effectively. Kayser cited research conducted at a California hospital over eight months, which found that employees who completed cybersecurity awareness training fell for phishing attempts at the same rate as untrained colleagues. This data challenges assumptions about training effectiveness and suggests fundamental pedagogical failures.
"Training often fails because instructors talk too much in technical terms. Instead they should explain attacks, how they work and how to recognize them. If you can explain to people what's going on, that sticks."
The attack's ability to succeed against users with active Microsoft sessions eliminates authentication as a defensive barrier entirely. Organizations cannot rely on password complexity requirements, MFA enforcement, or phishing-resistant credentials like passkeys when attackers target session tokens rather than authentication credentials themselves.
First-party application abuse creates systemic blind spots in consent governance frameworks. Security controls designed to evaluate and restrict third-party application permissions do not apply to Microsoft's own tools, creating an asymmetric advantage for attackers who understand these architectural limitations. This represents a broader trend of threat actors identifying and exploiting trust relationships within cloud ecosystems.
The reconnaissance capabilities enabled by successful token capture extend far beyond individual account compromise. Attackers can systematically map organizational directory structures, identify privileged accounts, and plan subsequent operations—all while operating within legitimate permission boundaries that avoid triggering security alerts.