importantSYS.SOURCE: The Hacker News• 2026-07-02T18:34:13+05:30
ToddyCat Malware Uses OAuth to Access Gmail via Google API
#OAuth#Gmail API#Malware#APT#Google API
The ToddyCat threat actor developed Umbrij malware, which exploits the OAuth 2.0 protocol and remote debugging capabilities in Chromium-based browsers to compromise Gmail accounts. This technique allows attackers to acquire OAuth access tokens to access corporate email communications via the Google API.
The threat actor known as ToddyCat has been attributed to a new malware called Umbrij that's designed to gain surreptitious access to a victim's email correspondence via the Google API.
"In this campaign, the attackers focused their attention on corporate email communications hosted on Gmail, targeting access compromise via APIs," Kaspersky said in a detailed report published this week. "
*** END OF TRANSMISSION ***