OiVaVoii is targeting general managers and company executives with malicious OAuth apps and custom phishing messages sent from hijacked Microsoft Office 365 accounts.