"The Graph API's popularity among attackers may be ... a report from IBM’s X-Force claimed the group was abusing the “search-ms” URI protocol handler to deploy malware to phishing victims.