Google is investigating a large-scale phishing attack involving malware that is currently spreading among users of its Gmail service.
The message sent to Gmail users includes an invitation to view a shared Google Docs document.
However, the link leads to a self-propagating internet worm.
The malware asks users to log into their Google accounts; it doesn't ask for a password and appears to bypass two-factor authentication and sign-in alerts.
After logging in, the fake Google Docs app then requests access to the user's Google accounts.
If users allow access, the worm will read all their contacts and attempt to send itself out to them. The malware appears to access users' emails as well, which may contain sensitive data like password reset messages for other services.
Google has confirmed the worm attack and is warning users not to click on the phishing email.
Unverified reports say Google has addressed the issue by blocking the fake Google Doc apps.
Users who have already allowed access to the malicious Google Docs should remove it immediately.
It is not clear who sent out the malicious emails or how many users have been affected by the attack.
The messages appear to have been sent via the Mailinator throw-away email service, with no other payload than self-replication.
Update 8:45am: Google’s Docs team said it had removed the fake pages for the malware and updated the company's safe browsing feature.
It advised users who believe they might have clicked on the link in the phishing message to visit its Security Checkup page in order to remove apps that they don’t recognise.
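The review of granted apps that Google advises can be scripted when an administrator has an export of third-party app grants. The following is an added example, not code from Google or from the original article: it flags an app whose display name imitates a Google product, and any app that holds both contacts and mail access, the combination the worm needed to spread. It assumes access is granted as OAuth scopes; the record layout, client IDs and allowlist are constructed for illustration.

```python
import re
import unicodedata

# Assumption: access is granted as OAuth scopes; these are Google's published scope strings.
MAIL_SCOPES = {
    "https://mail.google.com/",
    "https://www.googleapis.com/auth/gmail.readonly",
    "https://www.googleapis.com/auth/gmail.modify",
    "https://www.googleapis.com/auth/gmail.send",
}
CONTACT_SCOPES = {
    "https://www.googleapis.com/auth/contacts",
    "https://www.googleapis.com/auth/contacts.readonly",
}
# Hypothetical allowlist of client IDs known to belong to the real publisher (constructed).
TRUSTED_CLIENT_IDS = {"trusted-docs-client.example"}
PROTECTED_NAMES = ("googledocs", "gmail")

def _fold(name):
    """NFKC + casefold + drop non-alphanumerics, so spacing and width variants compare equal."""
    folded = unicodedata.normalize("NFKC", name).casefold()
    return re.sub(r"[^a-z0-9]", "", folded)

def review_grant(grant):
    """Return the reasons a granted app deserves removal or investigation (empty if none)."""
    reasons = []
    scopes = set(grant["scopes"])
    if grant["client_id"] not in TRUSTED_CLIENT_IDS and any(
        p in _fold(grant["app_name"]) for p in PROTECTED_NAMES
    ):
        reasons.append("name imitates a first-party product")
    if scopes & MAIL_SCOPES and scopes & CONTACT_SCOPES:
        reasons.append("can read contacts and access mail (self-propagation capable)")
    return reasons

def flagged(grants):
    """Map client_id -> reasons for every grant with at least one finding."""
    return {g["client_id"]: review_grant(g) for g in grants if review_grant(g)}

# Constructed sample grants, not data from the incident.
GRANTS = [
    {"app_name": "Google Docs", "client_id": "unknown-1.example",
     "scopes": ["https://mail.google.com/", "https://www.googleapis.com/auth/contacts"]},
    {"app_name": "Google Docs", "client_id": "trusted-docs-client.example",
     "scopes": ["https://www.googleapis.com/auth/drive"]},
    {"app_name": "Calendar Helper", "client_id": "unknown-2.example",
     "scopes": ["https://www.googleapis.com/auth/contacts.readonly"]},
]

if __name__ == "__main__":
    for client_id, reasons in flagged(GRANTS).items():
        print(client_id, "->", "; ".join(reasons))
```

The name check does not catch cross-script homoglyphs (for example Cyrillic letters), so a display name that passes it still needs to be matched against the publisher's known client ID.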