Highlight from ToddyCat’s Umbrij Malware Hijacks Gmail Access Using OAuth Tokens Instead of Passwords
Traditional phishing campaigns usually rely on stealing usernames and passwords. However, Umbrij demonstrates that attackers increasingly prefer stealing authentication tokens instead.
Because OAuth tokens represent trusted authorization, attackers can often bypass multi-factor authentication after the token has been issued. Additionally, API-based access may generate fewer security alerts than suspicious login attempts, making detection more difficult.