Google suspicious sign-in alert contains a trojan

Unsolicited email messages like this one contain an executable file as an attachment and should be deleted immediately Unknown attackers are attempting to persuade email recipients to open attachments that contain a trojan by claiming to be from The Google Accounts Team. A new email supposedly from "accounts-noreply@google.com" with the subject "Suspicious sign in prevented" is being sent en masse claiming that a hijacker has attempted to access the mail recipient's Google Account. The message says that the sign-in attempt was prevented but asks users to refer to the attached file for details of the attempted intrusion.

However, instead of containing information such as the IP address of the log-in attempt, the attached zip file contains a Windows executable file that will install a trojan onto a victim's system. While Google does sometimes send emails like this to users, they never contain attachments; users that receive such an email are advised to delete them. According to VirusTotal, the trojan is currently only detected by just half of 42 anti-virus programs used by the online virus scanner service.

(crve)