Hackers abuse modified Salesforce app to steal data, extort companies, Google says
Hackers are tricking employees at companies in Europe and the Americas into installing a modified version of a Salesforce-related app, allowing the hackers to steal reams of data, gain access to other corporate cloud services and extort those companies,
said on Wednesday.
The hackers - tracked by the Google Threat Intelligence Group as UNC6040 - have "proven particularly effective at tricking employees" into installing a modified version of
Salesforce
's Data Loader, a proprietary tool used to bulk import data into Salesforce environments, the researchers said.
The hackers use voice calls to trick employees into visiting a purported Salesforce connected app setup page to approve the unauthorized, modified version of the app, created by the hackers to emulate Data Loader.
If the employee installs the app, the hackers gain "significant capabilities to access, query, and exfiltrate sensitive information directly from the compromised Salesforce customer environments," the researchers said.
The access also frequently gives the hackers the ability to move throughout a customer's network, enabling attacks on other cloud services and internal corporate networks.
Technical infrastructure tied to the campaign shares characteristics with suspected ties to the broader and loosely organized ecosystem known as "The Com," known for small, disparate groups engaging in cybercriminal and sometimes violent activity, the researchers said.
A Google spokesperson did not share additional details about how many companies have been targeted as part of the campaign, which has been observed over the past several months.
A Salesforce spokesperson told Reuters in an email that "there's no indication the issue described stems from any vulnerability inherent in our platform." The spokesperson said the voice calls used to trick employees "are targeted social engineering scams designed to exploit gaps in individual users'
cybersecurity awareness
and best practices."
The spokesperson declined to share the specific number of affected customers, but said that Salesforce was "aware of only a small subset of affected customers," and said it was "not a widespread issue."
Salesforce warned customers of
voice phishing
, or "vishing," attacks and of hackers abusing malicious, modified versions of Data Loader in a March 2025 blog post.
Hashtags
Try Our AI Features
Explore what Daily8 AI can do for you:
Comments
No comments yet...
Related Articles
Hindustan Times
an hour ago
- Hindustan Times
Cloudflare DNS outage: Multiple websites on 1.1.1.1 server down, company reacts
Web hosting service Cloudflare was down for thousands of users on Monday afternoon, as per DownDetector. Cloudflare said that there is an issue with the 1.1.1.1 public resolver, which resulted in many websites hosted on its server being down, and they are working to fix it. Representational image.(Unsplash) "Cloudflare is aware of, and investigating, an issue which potentially impacts multiple users that use 1.1.1.1 public resolver. Further detail will be provided as more information becomes available," the company stated. DownDetector, a platform that tracks outages on the internet based on users' reports, had as many as 4,071 users reporting an outage at the peak of the outage. Since then, the number of reports has fallen to the 400s and is going down. In the comments section of the app, many users said that Cloudflare is back up and working. More than 4,000 people reported an outage with DownDetector. (DownDetector) Additionally, DownDetector showed that 98% of the users reported a problem with the DNS and 1% reported an issue with hosting. Some users claimed that the outage was not limited to the Cloudflare DNS and Google and other hosting services also faced an outage. Despite DownDetector also showing the same, there has been no official message from Google about the issue, as of now.
Time of India
5 hours ago
- Time of India
Man arrested in Ghaziabad for 22.63L cyber fraud in Udaipur
Udaipur: Pratapgarh police arrested a man from Ghaziabad Sunday for allegedly defrauding a Udaipur resident of Rs 22.63 lakh in a cyber scam involving a fake Birla Sun Life insurance policy refund. Acting on a complaint filed by victim Nanalal Lohar on May 11, 2024, the police launched an investigation that led to the arrest of the key accused, Shafiq Ahmed, 32, a resident of Sahibabad in Ghaziabad, Uttar Pradesh. Lohar had approached an unknown contact to claim a refund on his dormant insurance policy. The accused, posing as representatives of Birla Sun Life and using fake identities—Manoj Pandey, NP Singh, and VK Singh—sent Aadhaar and PAN card copies via a social media app to gain the victim's trust. Once convinced, Lohar transferred Rs 22.63 lakh to various accounts provided by the accused between April 15 and May 9, 2024. The fraud came to light when the accused's phone became unreachable, prompting Lohar to lodge a complaint with the Pratapgarh cyber police station. District superintendent of police Vineet Kumar Bansal formed a special team led by Cyber Police SHO Hari Singh to probe the matter. The team quickly traced and froze the involved bank accounts. by Taboola by Taboola Sponsored Links Sponsored Links Promoted Links Promoted Links You May Like New Launch by L&T – 3 & 4 BHKs Near Viviana L&T Evara Heights Enquire Now Undo Technical analysis revealed that the funds had been deposited into the account of Shafiq Ahmed. A police team raided Ghaziabad and detained Ahmed, who during interrogation confessed to contacting Lohar via a number found on Google and conning him with the promise of an insurance refund. Police said efforts are underway to trace other members of the fraud network based on leads from Ahmed's interrogation.
Time of India
6 hours ago
- Time of India
AI tools tackling real estate's biggest revenue bottlenecks
At the Realty & Beyond 2025 – Hyderabad Edition, Andrew Asir, SVP-Global Business Expansion, MotiveMinds spotlighted critical sales and operational inefficiencies plaguing India's real estate sector, despite a surge in home launches and lead inflow. Addressing developers and industry leaders, he revealed that poor lead prioritization, lack of sales handover discipline, and scattered contractor coordination are leading to major revenue leakages. Drawing from on-ground conversations at the event, he highlighted that many real estate firms are overwhelmed with unconverted leads and delayed project reconciliations. In response, Andrew presented 'Squarefeet', an AI-powered sales CRM accelerator built on Salesforce, and 'MyRI', a contractor collaboration tool integrated with SAP. These solutions aim to fix problems such as CRM double-entry, agent-partner friction, manual measurement books, and delayed invoicing. According to Andrew, deployments of these tools have already boosted conversions by 25% and improved follow-up rates by 30% for top developers. Advertisement
