Gallery

Contacts

405 W. Greenlawn Ave Lansing, Michigan 48910

contact@techjacksolutions.com

+1-616-320-4064

The ToddyCat APT group has deployed a new malware family, Umbrij, that silently steals Gmail OAuth bearer tokens from active Chrome browser sessions by hijacking Chrome’s built-in remote debugging interface, no user credentials or MFA bypass required. Organizations running Google Workspace in corporate environments are the reported target, with stolen tokens granting persistent, API-level access to Gmail, Google Drive, Contacts, Calendar, and Tasks. According to Kaspersky researchers, Umbrij disguises itself using legitimately signed executables from Bitdefender, Microsoft, and Google to evade endpoint detection, raising the risk of undetected, long-duration email and document exfiltration.

Author

Tech Jacks Solutions