A friend of mine came to me for help with this issues. Her Gmail account has been hacked and keeps sending out spam emails to her contacts. This is happening to her on a monthly basis. Each time it happens she changes her password. She also went through and tweaked all her security settings. However, even after having done all this repeatedly, when she goes into her "Device activity" in her Google Account settings, it keeps showing an unauthorized Android device that belongs to the hacker. It doesn't give her the option to remove it from her devices either.
It looks like the emails aren't being sent from her device (they're sending spam emails to her whole address book and spoofing the from address to make it appear to come from her). However, we still want to know how to rid this device from her account.