New Consentfix Technique Tricks Users Into Handing Over OAuth Tokens
KnowBe4, Tuesday, December 30th, 2025
Researchers at Push Security have observed a new variant of the ClickFix attack that combines 'OAuth consent phishing with a ClickFix-style user prompt that leads to account compromise.'
The technique, which the researchers call 'ConsentFix,' tricks victims into copying a localhost URL containing an authorization code and pasting it into a phishing page.
'Authorization code flow is an OAuth 2.0 protocol for web applications to get a user's permission to access protected resources,' the researchers explain.
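To make that flow concrete, here is an added example (not code from Push Security or KnowBe4) that simulates the authorization code flow with a loopback redirect URI: the client builds the authorize URL, the identity provider redirects back to localhost with a `code` and `state`, and the token endpoint redeems that code once. The IdP endpoints, the `FakeAuthorizationServer` stand-in and the client id are constructed; the PKCE binding is an assumption about how a well-built client behaves. It shows two things a defender wants to see: the code in that localhost URL is a redeemable secret, and PKCE only ties the code to whoever started the flow, so it is no help when the party asking the user to paste the URL is the same party that started it. The last function is a heuristic check that flags a pasted loopback redirect carrying an authorization code, the kind of signal an awareness tool or paste-monitoring control could act on.

```python
"""Simulated OAuth 2.0 authorization code flow with a loopback redirect.
Added example; endpoints, client id and the in-memory IdP are constructed."""
import base64
import hashlib
import secrets
from urllib.parse import parse_qs, urlencode, urlparse

AUTHORIZE_ENDPOINT = "https://idp.example/authorize"  # constructed
CLIENT_ID = "public-native-client"                    # constructed


def make_pkce_pair():
    """Return (code_verifier, code_challenge) using the S256 method (RFC 7636)."""
    verifier = base64.urlsafe_b64encode(secrets.token_bytes(32)).rstrip(b"=").decode()
    digest = hashlib.sha256(verifier.encode()).digest()
    return verifier, base64.urlsafe_b64encode(digest).rstrip(b"=").decode()


def build_authorize_url(redirect_uri, state, code_challenge):
    params = {
        "response_type": "code", "client_id": CLIENT_ID, "redirect_uri": redirect_uri,
        "scope": "openid profile offline_access", "state": state,
        "code_challenge": code_challenge, "code_challenge_method": "S256",
    }
    return f"{AUTHORIZE_ENDPOINT}?{urlencode(params)}"


class FakeAuthorizationServer:
    """Constructed stand-in for the IdP: issues a code bound to the redirect_uri
    and PKCE challenge, and redeems it exactly once with the matching verifier."""

    def __init__(self):
        self.issued = {}

    def authorize(self, authorize_url):
        q = parse_qs(urlparse(authorize_url).query)
        code = secrets.token_urlsafe(24)
        self.issued[code] = {"redirect_uri": q["redirect_uri"][0],
                             "challenge": q["code_challenge"][0]}
        # This is the URL the browser lands on: a localhost page with the code in the query.
        return f"{q['redirect_uri'][0]}?{urlencode({'code': code, 'state': q['state'][0]})}"

    def exchange(self, code, redirect_uri, code_verifier):
        record = self.issued.pop(code, None)  # any attempt consumes the code
        if record is None or record["redirect_uri"] != redirect_uri:
            return None
        expected = base64.urlsafe_b64encode(
            hashlib.sha256(code_verifier.encode()).digest()).rstrip(b"=").decode()
        if not secrets.compare_digest(expected, record["challenge"]):
            return None
        return {"access_token": secrets.token_urlsafe(32), "token_type": "Bearer"}


def parse_loopback_redirect(url, expected_state):
    """Client side: extract the code from the localhost redirect, checking state."""
    parsed = urlparse(url)
    if parsed.hostname not in ("localhost", "127.0.0.1"):
        return None
    q = parse_qs(parsed.query)
    if q.get("state", [None])[0] != expected_state:
        return None
    return q.get("code", [None])[0]


def looks_like_leaked_auth_code(text):
    """Heuristic (constructed): does pasted text look like a loopback OAuth redirect
    carrying an authorization code? Useful as an awareness or paste-monitoring signal."""
    try:
        parsed = urlparse(text.strip())
    except ValueError:
        return False
    if parsed.scheme not in ("http", "https"):
        return False
    if parsed.hostname not in ("localhost", "127.0.0.1", "::1"):
        return False
    return "code" in parse_qs(parsed.query)


def run_flow():
    """Drive two flows against the fake IdP and report what succeeded."""
    idp = FakeAuthorizationServer()
    redirect_uri = "http://localhost:8400/callback"  # constructed loopback listener

    # Flow 1: the party that started the flow holds the verifier and redeems the code.
    verifier, challenge = make_pkce_pair()
    state = secrets.token_urlsafe(16)
    redirect = idp.authorize(build_authorize_url(redirect_uri, state, challenge))
    code = parse_loopback_redirect(redirect, state)
    legit = idp.exchange(code, redirect_uri, verifier)
    replay = idp.exchange(code, redirect_uri, verifier)  # second use is refused

    # Flow 2: the same kind of URL, redeemed by someone without the verifier.
    _, challenge2 = make_pkce_pair()
    state2 = secrets.token_urlsafe(16)
    redirect2 = idp.authorize(build_authorize_url(redirect_uri, state2, challenge2))
    no_verifier = idp.exchange(parse_loopback_redirect(redirect2, state2), redirect_uri, "wrong")

    return {
        "redirect_looks_like_leak": looks_like_leaked_auth_code(redirect),
        "legit_token_issued": legit is not None,
        "replay_rejected": replay is None,
        "without_verifier_rejected": no_verifier is None,
        "wrong_state_ignored": parse_loopback_redirect(redirect, "other-state") is None,
    }


if __name__ == "__main__":
    for name, value in run_flow().items():
        print(f"{name}: {value}")
```

The takeaway for defenders is in flow 1 rather than flow 2: a code sitting in a localhost URL is one token-endpoint call away from a bearer token for whoever started the flow, so the useful controls are on the user side (treat a prompt to paste a localhost URL into a web page as a red flag) and on the tenant side (restricting which client applications may obtain tokens), not on PKCE.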