Google promptly pulled the rogue application's OAuth page a few hours after learning about the campaign.