Mitigations put in place by Google in May 2017 to help block phishing attacks such as the recent OAuth worm weren’t enough to completely mitigate the issue, as Google's platform still allowed malicious OAuth clients to be submitted under deceiving names, Proofpoint security researchers say.
Article Link: http://feedproxy.google.com/~r/Securityweek/~3/vueIkmEcMMI/google-takes-second-swing-oauth-worm