New ConsentFix Technique Tricks Users Into Handing Over OAuth Tokens

• December 30th, 2025

New ConsentFix Technique Tricks Users Into Handing Over OAuth Tokens

Researchers at Push Security have observed a new variant of the ClickFix attack that combines “OAuth consent phishing with a ClickFix-style user prompt that leads to account compromise.”