#9 The Hacker News general July 02, 2026 at 13:04 UTC

ToddyCat-Linked Umbrij Malware Abuses OAuth to Access Gmail via Google API

By The Hacker News

AI Summary

Kaspersky researchers have attributed a new malware strain called Umbrij to the Chinese APT group ToddyCat. The malware is designed to abuse OAuth flows and the Google API to silently access victims' corporate Gmail. It targets organizations using Google Workspace for corporate email, exfiltrating correspondence without triggering standard login alerts. Security teams should audit OAuth application grants and Google API access tokens for anomalous third-party authorizations.

Relevance score: 77.0/100
