ShellCodeX Intelligence Brief
HIGH Cybersecurity

ToddyCat-backed Umbrij targets Gmail accounts via OAuth and Google APIs

Source headline: ToddyCat-Linked Umbrij Malware Abuses OAuth to Access Gmail via Google API

Threat level: High
Signal strength: 75/100
Source confidence: 1 source
Published: 2 hours ago

Intelligence Summary

A threat actor tracked as ToddyCat has been linked to malware named Umbrij. The malware aims to obtain covert access to corporate email stored in Gmail. It abuses OAuth-based permissions to interact with Gmail through the Google API. This can expose sensitive email content and enable further account misuse if authorization is compromised. Organizations should review OAuth consent grants, tighten API access controls, and monitor suspicious token or API activity.
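One way to run the OAuth consent review described above, as an added example that is not part of this brief or the original reporting: it scans token audit events for "authorize" grants that hand Gmail scopes to a client ID outside an approved list. The event layout is modelled on Google Workspace token audit activities (Admin SDK Reports API); the users, client IDs, app names and allowlist are constructed assumptions, and the check flags any unapproved client rather than Umbrij specifically, since the brief lists no indicators.

```python
# Added example: flag OAuth grants that give an unapproved client Gmail access.
# All sample values below are constructed for illustration.
GMAIL_SCOPES = {
    "https://mail.google.com/",
    "https://www.googleapis.com/auth/gmail.readonly",
    "https://www.googleapis.com/auth/gmail.modify",
}
# Assumption: client IDs the organization has already reviewed and approved.
APPROVED_CLIENT_IDS = frozenset({"1111-approved.apps.googleusercontent.com"})

def activity(user, event_name, client_id, app_name, scopes):
    """Build one constructed activity in the token audit log shape."""
    return {"id": {"time": "2025-01-01T00:00:00Z", "applicationName": "token"},
            "actor": {"email": user},
            "events": [{"name": event_name, "parameters": [
                {"name": "client_id", "value": client_id},
                {"name": "app_name", "value": app_name},
                {"name": "scope", "multiValue": scopes}]}]}

SAMPLE_ACTIVITIES = [
    activity("alice@example.com", "authorize", "1111-approved.apps.googleusercontent.com",
             "Approved Mail Client", ["https://mail.google.com/"]),
    activity("bob@example.com", "authorize", "2222-unknown.apps.googleusercontent.com",
             "Unknown Sync Tool", ["openid", "https://www.googleapis.com/auth/gmail.readonly"]),
    activity("carol@example.com", "authorize", "3333-unknown.apps.googleusercontent.com",
             "Calendar Helper", ["https://www.googleapis.com/auth/calendar"]),
    activity("bob@example.com", "revoke", "2222-unknown.apps.googleusercontent.com",
             "Unknown Sync Tool", ["https://www.googleapis.com/auth/gmail.readonly"]),
]

def params(event):
    """Flatten the name/value parameter list of one event into a dict."""
    return {p["name"]: p.get("multiValue") or p.get("value")
            for p in event.get("parameters", [])}

def find_unapproved_gmail_grants(activities, approved=APPROVED_CLIENT_IDS):
    """Return one finding per Gmail-scoped grant to a client not in `approved`."""
    findings = []
    for act in activities:
        for ev in act.get("events", []):
            if ev.get("name") != "authorize":
                continue  # only new grants; revocations are not findings
            p = params(ev)
            scopes = p.get("scope") or []
            if isinstance(scopes, str):  # tolerate a space-separated string
                scopes = scopes.split()
            hits = sorted(GMAIL_SCOPES.intersection(scopes))
            if hits and p.get("client_id") not in approved:
                findings.append({"user": act["actor"]["email"], "time": act["id"]["time"],
                                 "client_id": p.get("client_id"),
                                 "app_name": p.get("app_name"), "gmail_scopes": hits})
    return findings
```

Each finding is a grant to review with the user and, if unexplained, revoke; the same filter applied to an exported log gives a baseline of which clients currently hold Gmail access.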

Recommended Action

Review affected assets, schedule urgent remediation, and monitor related indicators.

Topics

#oauth #email-theft #gmail #google-api #oauth-abuse #umbrij
Original reporting: The Hacker News, "ToddyCat-Linked Umbrij Malware Abuses OAuth to Access Gmail via Google API"