Cyber Fraud: 2025 is proving to be as dangerous as it is full of progress in terms of technology. On one hand, while Artificial Intelligence is progressing rapidly, on the other hand, cyber criminals are also targeting people in new ways. Recently, a cyber attack has come to light on Windows system which has the ability to dodge even the strongest security. It is being considered one of the most dangerous digital attacks of this year.
What is ConsentFix cyber attack?
Cyber security company Push Security has revealed a new phishing technique which it has named ‘ConsentFix’. This method is a combination of OAuth consent phishing and the old ClickFix attack. In this attack, the user is shown a browser notification which looks completely real and through that the account is accessed.
How do users fall into this trap?
According to the report of Check Point, in this technique the user is fraudulently asked to copy-paste a link. As soon as the user does this, hackers get direct access to his Microsoft account. The most dangerous thing is that in this process even security walls like passwords or multi-factor authentication become useless.
Why are Microsoft accounts the target?
According to Push Security, this campaign is specifically targeting Microsoft accounts. In this, the Azure CLI OAuth app is misused due to which hackers enter the user’s account without any alert. The entire attack takes place inside the browser itself, so the user does not even suspect.
It starts with fake alerts
In most cases this scam presents itself as a security warning. The message claims that your Microsoft account is under attack or that suspicious activity has been detected. After this a so-called solution is given which is actually the beginning of hacking. This same method was previously seen in the ClickFix attack, but ConsentFix is a more dangerous version of it.
How to avoid ConsentFix attack?
If in any message or pop-up you are told that the system is in danger and are asked to immediately copy-paste some text or link, then do not do it at all. Seeing any such alert, immediately shut down the system and restart it again. This one small precaution can save you from big loss. Being cautious is the best security in the digital world because a small mistake can put your entire digital identity at risk.
Also read:
Technical Guruji or Carryminati! Who earns more money from YouTube, know what is the net worth of both of them
