MEDIUM | Malware
Global

ToddyCat-Linked Umbrij Malware Abuses OAuth to Access Gmail via Google API

Source: The Hacker News

Executive Summary

The threat actor known as ToddyCat has been attributed to a new malware called Umbrij that's designed to gain surreptitious access to a victim's email correspondence via the Google API. "In this campaign, the attackers focused their attention on corporate email communications hosted on Gmail, targeting access compromise via APIs," Kaspersky said in a detailed report published this week. "

Source Attribution

Originally published by The Hacker News on Jul 2, 2026.
