Hackers abuse modified Salesforce app to steal data, extort companies, Google says

By AJ Vicens
Hackers are tricking employees at companies in Europe and the Americas into installing a modified version of a Salesforce-related app, allowing the hackers to steal reams of data, gain access to other corporate cloud services and extort those companies,
Google
said on Wednesday.
The hackers - tracked by the Google Threat Intelligence Group as UNC6040 - have "proven particularly effective at tricking employees" into installing a modified version of
Salesforce
's Data Loader, a proprietary tool used to bulk import data into Salesforce environments, the researchers said.
The hackers use voice calls to trick employees into visiting a purported Salesforce connected app setup page to approve the unauthorized, modified version of the app, created by the hackers to emulate Data Loader.
If the employee installs the app, the hackers gain "significant capabilities to access, query, and exfiltrate sensitive information directly from the compromised Salesforce customer environments," the researchers said.
The access also frequently gives the hackers the ability to move throughout a customer's network, enabling attacks on other cloud services and internal corporate networks.
Technical infrastructure tied to the campaign shares characteristics with suspected ties to the broader and loosely organized ecosystem known as "The Com," known for small, disparate groups engaging in cybercriminal and sometimes violent activity, the researchers said.
A Google spokesperson did not share additional details about how many companies have been targeted as part of the campaign, which has been observed over the past several months.
A Salesforce spokesperson told Reuters in an email that "there's no indication the issue described stems from any vulnerability inherent in our platform." The spokesperson said the voice calls used to trick employees "are targeted social engineering scams designed to exploit gaps in individual users'
cybersecurity awareness
and best practices."
The spokesperson declined to share the specific number of affected customers, but said that Salesforce was "aware of only a small subset of affected customers," and said it was "not a widespread issue."
Salesforce warned customers of
voice phishing
, or "vishing," attacks and of hackers abusing malicious, modified versions of Data Loader in a March 2025 blog post.

Try Our AI Features

Explore what Daily8 AI can do for you:

Learn with AIFact CheckingText to SpeechAI Summary

Related Articles

Mint

an hour ago

• Mint

Elon Musk's Tesla Robotaxi launches in Austin: Here's how much it costs

After a decade of unfulfilled promises, Elon Musk's Tesla finally began rolling out its driverless Robotaxi service in Austin. However, the first few rides were limited to a select group of social media influencers and content creators who are considered to be close to the company. Musk announced on X that the initial riders are being charged a flat fee of $4.20 per trip, but the long-term pricing structure remains unclear. Robotaxis are currently only available in a geofenced area of the city from 6 am to midnight. According to the terms of use posted by some of the first riders, the Robotaxi service may be limited or unavailable in bad weather. The Tesla CEO stated that Robotaxi launch was the 'culmination of a decade of hard work.' He also stated that both the AI chip running Robotaxi and the software teams were built from scratch within Tesla. Soon after Musk's official announcement, social media was filled with videos of people trying out Robotaxis showing a Model Y SUV running short distance trips with no driver in sight and only one passenger in the rear seats. Ahead of Tesla's planned rollout date, Texas lawmakers moved to enact an act called autonomous vehicle rules that requires a state permit to run self-driving vehicles, Reuters reported. The law was signed by Texas Governor Greg Abbott on Friday and takes effect from 1 September. The law also gives the state power to revoke permits for operators it deems a public danger. Tesla hasn't yet revealed when Robotaxi service will be available to use by the general public but Musk has promised to take the service quickly to other US cities in the near future. In Austin, specifically, Robotaxi faces a crowded market with Google's Waymo already operational with a partnership with Uber while Amazon's Zoox is also running tests there.

News18

2 hours ago

• News18

Apple's AI Delay Might Have Made It Consider Buying This AI Startup: Know More

Last Updated: Apple is facing long delays with Siri AI so the company might be looking at other ways to get going against Google and OpenAI. Apple's AI struggle has stretched beyond one year since its AI features were showcased at the WWDC 2024 last year. And it seems the company is looking at exterior solutions to get its ambitions off the tracks which could involve buying another company which has readymade AI tools available from day one. Reports this week suggest Apple has internally considered bidding for Perplexity which is another AI company vying for a spot amongst Google and OpenAI. Bloomberg has quoted sources in its report which clearly highlights the situation over at the Apple Park in Cupertino. These talks have mostly gone through internally, and an actual bid or discussion with the AI company has not happened. Apple's AI Push: Buy Big The report claims Adrian Perica has discussed the deal with Eddy Cue at Apple along with other senior decision makers. It also says that Apple might eventually decide against making an offer but these details are showing us the company's intent to get started maybe using existing platforms rather than invest in building a new one. After all, Perplexity already has an AI assistant, a search engine and plans to build more effective AI tools. The AI company already offers some of these features for iPhone users, which Siri can only dream of right now. Apple is a trillion dollar valued tech giant, which means buying any company will come easy at least with regards to the money. But even if Apple decides to formalise its interest in buying Perplexity, how much would it possibly cost? The AI company will be aware of the desperation at Apple and decide to get the highest price possible, which could be well over $50 billion if not more. This is unlikely to be the last time we hear rumours about Apple strolling the cart looking for a solid product to buy. The company's senior executives were recently grilled in an interview by the Wall Street Journal and you can feel the uneasiness in their body language when Siri AI is brought up and how the AI race has become a tough nut to crack for the iPhone maker in the last 2 years. There is a reason why Apple decided to deal with both OpenAI and Google to bring their ChatGPT and Gemini AI tools to iPhone users, now it is time to see the company make a serious move for its own future in this battle. First Published:

Hindustan Times

4 hours ago

• Hindustan Times

Probe into Karnataka ACB over ‘leaks' before raids

The raids by Karnataka's anti-corruption body was likely compromised from within as the investigators probing an extortion racket run by a dismissed police constable are examining whether raid information was deliberately leaked ahead of time, said officials familiar with the matter. Probe into Karnataka ACB over 'leaks' before raids The widening investigation comes in the wake of the arrest of Ningappa Savant, a 45-year-old former constable, who allegedly posed as senior Lokayukta officials to extort crores from government officers across departments, including transport, excise and the BBMP. The case initially emerged in May when a call was made to a Tumakuru RTO officer demanding bribes to avoid a Lokayukta raid. According to an official, the Lokayukta is probing a series of suspicious incidents where officials vacated their offices just before scheduled raids in 2024 and 2025. 'Details of several raids conducted by the Lokayukta in 2024 and 2025 were leaked on the day of the raids. The officials concerned fled the offices where the raids took place. On the same day, details of a phone call between some Lokayukta officials and Ningappan were found,' said an Lokayukta official on condition of anonymity. The official further said that investigators have traced calls from five different SIM cards, one of which was issued in Savant's name using his credentials. These numbers were used to impersonate senior Lokayukta personnel, calling government staff to extract money under the threat of imminent raids. 'Calls were made from different numbers to officials of other government departments in the name of Lokayukta, deputy Lokayukta, Lokayukta SP. Including the SIM card that Ningappa purchased using his Aadhaar number, such calls were made from a total of five SIM cards. This fact was discovered when the call details of all those numbers were collated,' said the official. Some of these SIM cards, investigators said, were fraudulently registered in the names of actual Lokayukta officers. Their photos were misused to create fake profiles on platforms such as Truecaller and Google, adding a layer of credibility to the scam. 'Some of these SIM cards were purchased in the names of Lokayukta officials. The pictures of Lokayukta officials were used in Truecaller and Google profiles. It is known that Ningappa also used one such SIM card,' the officer said. Savant, who was dismissed from service years ago for unauthorised absence, allegedly used WhatsApp groups and internal-looking Lokayukta updates to bolster his credibility and lure victims. According to the FIR, he contacted officials pretending to be senior Lokayukta officers and demanded money to suppress corruption allegations. In some instances, officials paid thousands and even lakhs of rupees through platforms such as Google Pay and PhonePe. The official quoted above said that Savant might have operated with insider support and Joshi Srinath Mahadev, a 2012 batch promotee IPS officer and former Lokayukta SP in Bengaluru, might have been involved in the matter. Another official said that Mahadev was seen spending hours at a hotel in an area linked to Savant. 'Information has been received that Srinath M Joshi, who was the Lokayukta SP, was in the lobby of a hotel in Ningappa Nagar for a few hours. In addition, the personal secretary of a state government minister was also in the same hotel with him. It has been reported that all three went out at the same time,' the official said. The official further said that Savant likely named Mahadev during police interrogation, claiming the IPS officer had a stake in cryptocurrency wallets into which the extorted money was allegedly diverted. The Lokayukta confirmed that nearly 13 crypto wallets have been frozen as part of the investigation. 'He admitted that he has invested the money he extorted in cryptocurrency in his own name and that of his relatives. His mobile was checked, and it was found that he had invested the money in about 13 crypto wallets. To trace the source of the money, the said wallets have been frozen and the investigation is continuing,' it said. Mahadev, relieved of duties on June 12, has approached a sessions court seeking anticipatory bail, arguing that the charges against him are false and that he had no association with Savant beyond their past service in Chitradurga. The Karnataka high court has temporarily stayed proceedings against Mahadev, but the broader investigation continues into 35 other officials whose names surfaced during Savant's interrogation. HT tried to get response from the DG and IGP but no one responded.