There is someone on Twitter (maybe the same guy behind this "attack") claims that this was just a university student project!
"Google was warned of Google Docs phishing technique 6 years ago The mass phishing scam that hit Google account holders this week has taken some bizarre twists and turns. The most shocking perhaps is that Google was warned of the possibility of such an attack six years ago but despite rewarding the security researcher who flagged the vulnerability, did not do enough to address it... Motherboard also said that, in 2012, security researcher Andre DeMarre had warned Google about the phishing technique, suggesting that the company address the issue by checking if the name of any given app matched the URL of the firm behind it. However, Google responded to DeMarre that they will not perform the URL validation. This decision was reportedly criticised by experts and DeMarre..." http://www.ibtimes.co.uk/google-was-warned-google-docs-phishing-technique-6-years-ago-1620115 https://www.theregister.co.uk/2017/...nty_for_bug_behind_docs_drama_five_years_ago/
Phishing Defense: Block OAuth Token Attacks But OAuth Attack Defense Remains Tricky, Warns FireEye's Douglas Bienstock June 21, 2018 https://www.inforisktoday.com/phishing-defense-block-oauth-token-attacks-a-11117
