
New OAuth Phishing Technique "ConsentFix" Targets Microsoft Accounts
Tags: cybersecurity, phishing, OAuth, Microsoft, AzureAD, MFA, data_theft, account_hijacking
ConsentFix is a phishing technique targeting OAuth authorization flows to hijack Microsoft accounts. Identified by Push Security, this attack exploits browser-based consent mechanisms to obtain legitimate access tokens. Attackers adapt their methods, particularly through malicious applications registered in Azure AD, bypassing protections like MFA. The impacts include data theft, persistent account access, and the exfiltration of sensitive information. No specific date or statistics are mentioned in the article.