ToddyCat-Linked Umbrij Malware Abuses OAuth to Access Gmail via Google API
Kaspersky reports ToddyCat’s Umbrij abuses headless Chromium and OAuth flows to extract Gmail authorization codes, enabling access via tokens.
More info
