Microsoft researchers have discovered a series of cyber attacks where OAuth applications are used to automatically conduct phishing attacks, disrupt company emails, and secretly mine cryptocurrency. The hackers' targets are accounts that lack strong authentication mechanisms. They create new OAuth applications with high permissions through hijacked accounts, allowing malware to access systems without the user's knowledge.

In one case, an attacker with the username Storm-1283 used OAuth to deploy virtual machines for cryptocurrency mining. Depending on the duration of the attack, losses ranged from $10,000 to $1.5 million.