"Someone recently tried to use an application to sign in to your Google Account," says in the email. "We prevented the sign-in attempt in case this was a hijacker trying to access your account. Please review the details of the sign-in attempt in attached file."
The attached file is deceptively named Google_Accounts_Alert-6284-S44-8098.zip, and actually contains an executable file - a backdoor Trojan that opens the way for other malware to be delivered to the victim's machine, and is currently detected by only half of the AV solutions used by VirusTotal.
Reading our newsletter every Monday will keep you up-to-date with security news.
Receive a daily digest of the latest security news.