Threat actors could stealthily compromise Microsoft accounts by exploiting the Azure CLI OAuth app in the new ConsentFix attack, yet another twist on the ClickFix social engineering technique, according to BleepingComputer.
Intrusions involving ConsentFix begin with a breached website appearing in Google Search results, which redirects to a counterfeit Cloudflare Turnstile CAPTCHA that asks for the victim's legitimate business email address, a report from Push Security researchers revealed. Once the email address has been verified as belonging to an intended target, the victim is shown another webpage that instructs them to sign in to their Microsoft account and paste the received URL for authentication, which then leads to an Azure login page where an Azure CLI OAuth access code is generated.
"Once the steps are completed, the victim has effectively granted the attacker access to their Microsoft account via Azure CLI. At this point, the attacker has effective control of the victim's Microsoft account, but without ever needing to phish a password or pass an MFA check," said researchers, who urged users to be wary of suspicious Azure CLI login activity in the wake of ConsentFix.
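A defender-side check for the "suspicious Azure CLI login activity" the researchers point to, as an added example that is not part of the report or of Push Security's work: it scans constructed Entra ID style sign-in records and flags successful Azure CLI sign-ins by users with no known CLI baseline or from outside assumed corporate IP ranges. The app display name, the expected-user list and the corporate ranges are assumptions to be adjusted for your tenant.

```python
from ipaddress import ip_address, ip_network

# Display name Entra ID sign-in logs show for the first-party Azure CLI app
# (assumption: verify against your own tenant's sign-in logs).
AZURE_CLI_APP_NAME = "Microsoft Azure CLI"

# Constructed sample records in Entra ID sign-in log style (not real data).
SAMPLE_SIGNINS = [
    {"createdDateTime": "2025-05-02T09:14:03Z", "userPrincipalName": "alice@example.com",
     "appDisplayName": "Microsoft Azure CLI", "ipAddress": "203.0.113.25", "status": {"errorCode": 0}},
    {"createdDateTime": "2025-05-02T09:20:11Z", "userPrincipalName": "bob@example.com",
     "appDisplayName": "Microsoft Azure CLI", "ipAddress": "198.51.100.7", "status": {"errorCode": 0}},
    {"createdDateTime": "2025-05-02T09:31:40Z", "userPrincipalName": "carol@example.com",
     "appDisplayName": "Office 365 Exchange Online", "ipAddress": "198.51.100.9", "status": {"errorCode": 0}},
    {"createdDateTime": "2025-05-02T10:02:55Z", "userPrincipalName": "dave@example.com",
     "appDisplayName": "Microsoft Azure CLI", "ipAddress": "198.51.100.12", "status": {"errorCode": 50126}},
]


def find_suspicious_cli_signins(records, expected_cli_users, corporate_ranges):
    """Return successful Azure CLI sign-ins that are unexpected for the user or the source IP.

    ConsentFix yields a valid token without a password or MFA failure, so only
    successful sign-ins (errorCode 0) matter; failed attempts are skipped.
    """
    nets = [ip_network(r) for r in corporate_ranges]
    expected = {u.lower() for u in expected_cli_users}
    findings = []
    for rec in records:
        if rec.get("appDisplayName") != AZURE_CLI_APP_NAME:
            continue
        if rec.get("status", {}).get("errorCode", 0) != 0:
            continue  # no token was issued, nothing to act on here
        user = rec["userPrincipalName"].lower()
        reasons = []
        if user not in expected:
            reasons.append("user has no Azure CLI baseline")
        if not any(ip_address(rec["ipAddress"]) in n for n in nets):
            reasons.append("source IP outside corporate ranges")
        if reasons:
            findings.append({"time": rec["createdDateTime"], "user": user,
                             "ip": rec["ipAddress"], "reasons": reasons})
    return findings


if __name__ == "__main__":
    # Assumed baseline: only bob normally uses the Azure CLI, from 198.51.100.0/24.
    for f in find_suspicious_cli_signins(SAMPLE_SIGNINS, {"bob@example.com"}, ["198.51.100.0/24"]):
        print(f)
```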