CybersecurityFeatured4 min read
Advanced Persistent Threat
ToddyCat apt deploys umbrij malware to hijack gmail via oauth token theft
ToddyCat's latest tool, Umbrij, automates theft of OAuth tokens from active Gmail sessions by launching Chromium browsers in headless mode and controlling them via remote debugging ports. The malware can extract authorization codes granting full access to Gmail, Drive, Contacts, Calendar, and Tasks.
2026-07-02