Emails purportedly sent by the Google Accounts Team warning about a prevented “suspicious sign-in” have been spotted targeting Google users.
“Someone recently tried to use an application to sign in to your Google Account,” the email says. “We prevented the sign-in attempt in case this was a hijacker trying to access your account. Please review the details of the sign-in attempt in attached file.”
The attached file is deceptively named Google_Accounts_Alert-6284-S44-8098.zip and actually contains an executable file: a backdoor Trojan that opens the way for other malware to be delivered to the victim’s machine. It is currently detected by only half of the AV solutions used by VirusTotal.
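Because signature coverage for a fresh sample can be this thin, a mail gateway or triage script can flag the attachment on structure alone. The following is an added example, not code from the original article: it inspects a ZIP attachment in memory and reports members that start with the PE/DOS `MZ` header or carry an executable extension. The function names, extension list and sample archives are assumptions constructed for illustration.

```python
import io
import zipfile

# Extensions Windows runs on double-click (illustrative list, not exhaustive).
RISKY_EXTENSIONS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs"}


def find_executable_members(zip_bytes):
    """Return (member_name, reason) pairs for members that look executable."""
    findings = []
    try:
        archive = zipfile.ZipFile(io.BytesIO(zip_bytes))
    except zipfile.BadZipFile:
        return [("<archive>", "not a readable ZIP; hold for manual review")]
    with archive:
        for info in archive.infolist():
            if info.is_dir():
                continue
            name = info.filename
            if info.flag_bits & 0x1:  # bit 0 set: member is password-protected
                findings.append((name, "encrypted member, cannot be inspected"))
                continue
            with archive.open(info) as member:
                header = member.read(2)
            dot = name.rfind(".")
            ext = name[dot:].lower() if dot != -1 else ""
            if header == b"MZ":  # magic bytes win over whatever the name claims
                findings.append((name, "PE/DOS executable header (MZ)"))
            elif ext in RISKY_EXTENSIONS:
                findings.append((name, "executable extension " + ext))
    return findings


def build_sample_zip(members):
    """Build an in-memory ZIP from {name: bytes}; used only for constructed samples."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as archive:
        for name, data in members.items():
            archive.writestr(name, data)
    return buf.getvalue()


# Constructed samples: harmless bytes that merely begin with "MZ", not real malware.
SUSPICIOUS = build_sample_zip({"alert_details.pdf": b"MZ" + b"\x00" * 62})
BENIGN = build_sample_zip({"notes.txt": b"meeting at 10"})

if __name__ == "__main__":
    for label, blob in (("suspicious", SUSPICIOUS), ("benign", BENIGN)):
        print(label, find_executable_members(blob))
```

Checking the magic bytes catches an executable that has been renamed to look like a document, which an extension-only filter would pass.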