Google Workspace Gmail malware attachment detected
Description
AlphaSOC detected a Gmail audit event containing
message_info.attachment.malware_family, indicating Gmail identified a malware
family associated with an attachment. This signal is typically produced by
attachment scanning and indicates malicious or suspicious content was attached
to a message delivered or processed by Gmail.
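An added example (not AlphaSOC's or Google's code) of the detection logic this signal describes, run over constructed Gmail log events: it assumes the Gmail logs in BigQuery layout, where message_info.attachment is a repeated record, and the sender, recipient, message id and file fields it reads are assumptions beyond the malware_family field named above.

```python
import json

# Constructed sample Gmail log events, shaped like the Gmail logs in BigQuery
# export. Only message_info.attachment.malware_family comes from the detection
# text; the other field names are assumptions about that export's schema.
SAMPLE_EVENTS = [
    json.dumps({"message_info": {
        "rfc2822_message_id": "<constructed-1@example.test>",
        "subject": "Invoice attached",
        "source": {"address": "sender@example.test"},
        "destination": [{"address": "user1@corp.example"}],
        "attachment": [
            {"file_name": "invoice.docm", "sha256": "<placeholder-sha256>",
             "malware_family": "Constructed.TestFamily"},
            {"file_name": "logo.png", "sha256": "<placeholder-sha256-2>"},
        ],
    }}),
    json.dumps({"message_info": {  # scanned, no family assigned: not a hit
        "rfc2822_message_id": "<constructed-2@example.test>",
        "source": {"address": "colleague@corp.example"},
        "destination": [{"address": "user2@corp.example"}],
        "attachment": [{"file_name": "menu.pdf", "malware_family": None}],
    }}),
    json.dumps({"message_info": {"subject": "no attachment at all"}}),
]


def attachment_malware_alerts(raw_events):
    """Return one High-severity alert per attachment carrying a malware_family,
    with the sender, recipients, message id and file details an analyst needs."""
    alerts = []
    for line in raw_events:
        info = json.loads(line).get("message_info") or {}
        for att in info.get("attachment") or []:
            family = att.get("malware_family")
            if not family:  # None or empty: scanner assigned no family
                continue
            alerts.append({
                "severity": "High",
                "malware_family": family,
                "message_id": info.get("rfc2822_message_id"),
                "sender": (info.get("source") or {}).get("address"),
                "recipients": [d.get("address") for d in info.get("destination") or []],
                "file_name": att.get("file_name"),
                "sha256": att.get("sha256"),
            })
    return alerts
```

The returned records carry exactly the message, sender, recipient and file details the Investigation section asks for, so they can be fed straight into a quarantine or host-isolation workflow.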
Impact
Malicious attachments can deliver ransomware, remote access tools, or credential theft payloads. If successful, these attachments can lead to host compromise, credential theft, lateral movement, or data exfiltration depending on user interaction and attachment behavior.
Severity
| Severity | Condition |
|---|---|
| High | Google Workspace Gmail malware attachment detected |
Investigation and Remediation
Identify the affected message, sender, recipient, and any URLs or macro-enabled files associated with the attachment. Isolate any hosts that opened the attachment and collect forensic artifacts. Quarantine the message and block the sender if malicious. Remove the attachment from distribution, run endpoint scans on recipients' devices, and reset credentials where compromise is suspected.