ToddyCat's Umbrij Malware Hijacks Gmail via OAuth
A new malware family called Umbrij, linked to the ToddyCat threat actor, abuses OAuth tokens to access victims' Gmail accounts through Google APIs. Kaspersky reports that the campaign targets corporate email communications, with a focus on compromising access through APIs. The malware enables surreptitious email theft without triggering standard security alerts.
Meridian48 take
While OAuth abuse is not new, Umbrij's focus on corporate Gmail via APIs underscores a growing trend of attackers bypassing traditional email security controls.
Read the full reporting: ToddyCat-Linked Umbrij Malware Abuses OAuth to Access Gmail via Google API (The Hacker News)
oauth-abuse gmail-malware