Gmail Filter Virus Attacks Gmail Users Turning Them Into Spammers

A new vulnerability within the Gmail email account system, called Gmail Filter Virus, is currently affecting some Gmail users taking control of their account turning it into a virtual spam proxy.

Many Gmail account users will utilize the 'filters' feature for various automation functions in handling email messages. The Gmail Filter Virus specifically targets the filters settings by adding multiple filter rules for incoming mail messages. A Gmail account that has been attacked by the Gmail Filter Virus will automate a process to receive messages but skip the email inbox. It will then mark the messages received as read, forward them to recipients in your address book and then delete the message. Performing these steps will make it look like no message was ever received in your inbox and all trails of the message being sent to someone will be erased. Basically, Gmail Filter Virus acts as an email-laundering virus that covers its tracks.

The Figure 1 image below is an example of how a Gmail account's filter settings look in the event that it was attacked by the Gmail Filter Virus.

Figure 1. Gmail Filter Settings attacked by Gmail Filter Virus from PCMagazine

The origins of the Gmail Filter Virus are currently unknown, but we know that your own computer does not have to be infected with malware for this to happen. Some Gmail users who have encountered the Gmail Filter Virus may have used a public computer that was infected with some type of malware related to this virus and then proceeded to log into their Gmail account. From there, the Gmail account can come under attack. All it would take is logging into your Gmail account using an infected computer only one time.

Currently, nothing points to the Gmail Filter Virus being able to compromise your personal information but the recipients of email messages sent to your Gmail account could very well expose the contents of those emails.

Google presently knows of this vulnerability and already have server-side detections to attempt to block it. In some cases, the Gmail Filter Virus can still fall through the cracks. Unfortunately, we have not identified any security software that is able to detect the Gmail Filter Virus which can be best described as a vulnerability within Gmail account's filter setting instead of being an actual virus file.

In the event that you suspect your Gmail account may have the Gmail Filter Virus, you can simply check the 'Filter' option in 'Settings' to verify that the rules listed in Figure 1 are not similar to yours.


  • Tracy:

    My gmail account has a virus, I have reset my password and ran an scan do I need to closed this account to avoid futher issues?
    Thank you

  • Julie miles:

    This morning a virus sent emails to all my contacts, what can I do to stop this? Don't want to attack all my contacts, help please.

  • Abdelelah Hamad:

    This morning a virus sent emails to all my contacts, what can I do to stop this?

    Help me
    Best regards

  • peter C:

    I had this - all the above is correct except the don't tell you what to do if you do have it! I just changed my passowrd then clicked on and deleted ALL the filers it had applied - they look just like the above figure 1 and so far everything is working fine again now.


    Reading the data on this infection it appears to be one of the cleverer ones. Virus checkers can not detect it and it writes commands to your Filter Section of your Gmail account. The only way I could eliminate it from my friends system was to tell him never to access his email account from any computer other than his own. I advised him to to open up another Gmail account and forward messages to his second Gmail email account. I erased all the filter instructions from his first account and told him to put me in both of his account address books. This way I hope I have cured the problem. So far there has been no more Gmail Filter Virus attacks.

  • Jason Landers:

    I have that virus on my gmail account. I had a message come up said someone in Kiev Ukraine was stealing my data.

  • Gmail recovery:

    Thanks! This really helped! Do you know if there is any way to get this added account to work with google calendars? I’m having some problems accepting invites to meetings as it says that I’m not logged in to the account that I’m accepting from.

Leave a Reply

Please DO NOT use this comment system for support or billing questions. For SpyHunter technical support requests, please contact our technical support team directly by opening a customer support ticket via your SpyHunter. For billing issues, please refer to our "Billing Questions or Problems?" page. For general inquiries (complaints, legal, press, marketing, copyright), visit our "Inquiries and Feedback" page.

HTML is not allowed.