#9
The Hacker News
general
July 02, 2026 at 13:04 UTC
ToddyCat-Linked Umbrij Malware Abuses OAuth to Access Gmail via Google API
By The Hacker News
AI Summary
Kaspersky researchers have attributed a new malware strain called Umbrij to the Chinese APT group ToddyCat. The malware is designed to abuse OAuth flows and the Google API to silently access victims' corporate Gmail. It targets organizations using Google Workspace for corporate email, exfiltrating correspondence without triggering standard login alerts. Security teams should audit OAuth application grants and Google API access tokens for anomalous third-party authorizations.
Relevance score: 77.0/100