Highlight from ToddyCat’s Umbrij Malware Hijacks Gmail Access Using OAuth Tokens Instead of Passwords
The attackers abused legitimate signed executables, including components associated with Bitdefender software, Microsoft Visual Studio, and the discontinued Google Desktop application. Once executed, the malicious .NET DLL—protected with code obfuscation—takes control of the browser environment and begins harvesting the required OAuth authorization data.