If you have granted access to the app and are looking to stem the tide of potential "bad things," head to your Google Permissions page (that's real, not spam). On that page, you'll see a list of third-party applications you have granted permission to access your Google account. Find the application named "Google Docs." (Again, it's not the real Google Docs, which would not need third-party access.) Select "Google Docs" and when the application expands you can click "Remove."
If you haven't received the email, be wary of anything coming through that looks like this. And always be skeptical when granting access to your account to a third-party app.
Since the attack started around 11:30 am ET, Google has taken steps to stop the attack. Google said in a statement that they've pushed an update to Safe Browsing and disabled the account the attacks stemmed from.
Sign up here for our daily Thrillist email, and get your fix of the best in food/drink/fun.