What Happened
The threat actor known as ToddyCat has been attributed to a new malware called Umbrij that's designed to gain surreptitious access to a victim's email correspondence via the Google API. "In this campaign, the attackers focused their attention on corporate email communications hosted on Gmail, targeting access compromise via APIs," Kaspersky said in a detailed report published this week. "
Why It Matters
Report facts: The ToddyCat APT group is using a new Umbrij malware tool to hijack OAuth tokens and abuse the Google API to covertly access corporate Gmail accounts, focusing on API-based access to email communications hosted on Gmail.[1][2][6] This reflects a broader tactic where ToddyCat steals OAuth 2.0 tokens and browser session data at scale to reach cloud email and other SaaS services outside the initially compromised infrastructure.[3][4][10] CyberSE.AI analysis: For AI-enabled organizations, similar OAuth abuse and session hijacking techniques can be used to gain unauthorized access to AI-powered SaaS platforms (e.g., email copilots, workflow agents, or LLM-integrated productivity suites), enabling data exfiltration and covert manipulation of AI-driven business processes. Security teams should continuously red team OAuth and API integrations, assess SaaS and AI-agent access models, and implement strong governance around token handling, conditional access, and anomaly detection for API-driven access to email and AI services.
CyberSE Analysis
This signal maps to SaaS AI risk. Organizations using AI agents, LLM APIs, SaaS integrations, or sensitive data workflows should review whether this class of issue could create unauthorized tool execution, data leakage, weak approval gates, or unmanaged supply-chain exposure.
Recommended Actions
- Restrict AI agent tool permissions and production write paths.
- Review sensitive data access across prompts, logs, embeddings, memory, and SaaS integrations.
- Add human approval workflows for high-impact or state-changing actions.
- Run prompt injection and indirect prompt injection tests against affected workflows.
- Document the owner, control gap, and remediation deadline for this risk class.
Source
https://thehackernews.com/2026/07/toddycat-linked-umbrij-malware-abuses.html