"The paper didn’t mention any potential malicious applications of the technology"
Yes it did. Literally every possible use for it they mentioned is malicious - it's all about posing fake comments to trick real people into thinking an article or site is much more active than it really is. What the paper didn't mention is any possible legitimate applications. Because there aren't any.