Hackers abuse modified Salesforce app to steal data, extort companies, Google says
Hackers are tricking employees at companies in Europe and the Americas into installing a modified version of a Salesforce-related app, allowing the hackers to steal reams of data, gain access to other corporate cloud services and extort those companies, Google said on Wednesday.
The hackers, tracked by the Google Threat Intelligence Group as UNC6040, have 'proven particularly effective at tricking employees' into installing a modified version of Salesforce's Data Loader, a proprietary tool used to bulk import data into Salesforce environments, the researchers said.
The hackers use voice calls to trick employees into visiting a purported Salesforce connected app setup page to approve the unauthorised, modified version of the app, created by the hackers to emulate Data Loader.
If the employee installs the app, the hackers gain 'significant capabilities to access, query, and exfiltrate sensitive information directly from the compromised Salesforce customer environments,' the researchers said.
The access also frequently gives the hackers the ability to move throughout a customer's network, enabling attacks on other cloud services and internal corporate networks.
Technical infrastructure tied to the campaign shares characteristics with suspected ties to the broader and loosely organized ecosystem known as 'The Com,' known for small, disparate groups engaging in cybercriminal and sometimes violent activity, the researchers said. A Google spokesperson told Reuters that roughly 20 organizations have been affected by the UNC6040 campaign, which has been observed over the past several months. A subset of those organisations had data successfully exfiltrated, the spokesperson said.
A Salesforce spokesperson told Reuters in an email that 'there's no indication the issue described stems from any vulnerability inherent in our platform.' The spokesperson said the voice calls used to trick employees 'are targeted social engineering scams designed to exploit gaps in individual users' cybersecurity awareness and best practices.'
The spokesperson declined to share the specific number of affected customers, but said that Salesforce was "aware of only a small subset of affected customers," and said it was "not a widespread issue." Salesforce warned customers of voice phishing, or "vishing," attacks and of hackers abusing malicious, modified versions of Data Loader in a March 2025 blog post.
Try Our AI Features
Explore what Daily8 AI can do for you:
Comments
No comments yet...
Related Articles
News18
9 minutes ago
- News18
4 Toppers, 1 Centre: Patna CET Row Prompts Maharashtra To Ban Out-Of-State Exam Centres
Last Updated: The Maharashtra government will restrict all Common Entrance Tests (CET) for professional courses to within the state from next academic year due to irregularities at Patna centre In a significant policy shift, the Maharashtra government has decided to restrict all Common Entrance Tests (CET) for professional courses to examination centres within the state, starting next academic year. With this, students from outside Maharashtra taking the CET for a course offered by an institution will have to travel to an examination centre in the state. 'To maintain transparency and prevent malpractices in the CET, the state government has decided to restrict examination centres within Maharashtra from next year," the Maharashtra Higher and Technical Education Minister Chandrakant Patil said on Thursday. This move comes amid rising concerns over alleged irregularities at certain centres outside Maharashtra, particularly one in Patna, Bihar, which produced an unusual cluster of top scorers in the CET for the five-year LLB course. The controversy erupted after four students – Vishesh Kumar Pathak, Himanshu Jaiswal, Prakhar Jyoti, and Sanskriti Saundarya – emerged as toppers with a perfect 100 percentile in the Maharashtra LLB CET. All four had appeared from the same test centre, Maha Infotech, located in Patna. The exam was conducted on April 28 in two shifts, and although the four candidates took the test in different sessions, they shared the same location, raising immediate suspicions about the integrity of the process. Officials confirmed that only one examination centre had been set up in Bihar this year, due to around 25 students applying from the state. In total, 18 exam centres were established outside Maharashtra, but the state government has now decided to eliminate all such centres following the Patna incident. The suspicious activity of the Patna centre will be investigated, Patil told the media, adding that strict action will be taken to prevent such incidents in the future. 'Such incidents raise serious doubts and undermine the credibility of the examination process. But by conducting the CET only in Maharashtra, we can ensure better monitoring and reduce the risk of organised malpractices," PTI quoted Patil as saying. The decision aims to bolster credibility and monitoring of the CET, which is a gateway for admissions to various undergraduate and postgraduate professional courses including law, engineering, management, and more. The issue gained further gravity as it unfolds alongside an ongoing investigation into a broader CET-related scam. Earlier in March, the Mumbai Crime Branch arrested three brokers from Delhi in connection with an MBA-CET admission racket. The accused reportedly collected between Rs 11 to Rs 20 lakh from aspirants in exchange for artificially inflated scores and advised them to choose remote centres in Maharashtra districts like Bhandara, Gondia, Yavatmal, and Jalna – areas allegedly under lower scrutiny. The case involving the four Patna students is now under investigation by the Maharashtra CID. While no direct evidence of malpractice has been made public, officials say the clustering of perfect scores at a single out-of-state centre cannot be overlooked. Each year, over 10 lakh students appear for various CETs across Maharashtra, with more than 25,000 candidates previously opting for centres outside the state. However, this option will no longer be available, even to out-of-state applicants. 'The new move would not only help maintain fairness but also enhance the integrity of the admission process," Patil told PTI. He also addressed concerns over low participation in CETs for professional undergraduate courses like BBA, BCA, BMS, and BBM. Of more than 2,00,000 available seats, only 61,666 students appeared for the exam this year. 'Since many seats are likely to remain vacant, students will be given another opportunity to take the CET," he said.
India Today
13 minutes ago
- India Today
Google Pixel 10 might have gimbal-like video stabilisation, leaks reveal colour options
Google's upcoming Pixel 10 series is expected to come with a major camera upgrade. According to a report by Android Headlines, the Pixel 10 phones are expected to bring a big improvement in video quality, thanks to an advanced gimbal-like stabilisation system. It's being described as so good, it could mimic the results you'd normally get using a physical gimbal, but without actually needing one. Google has always been strong in photography, but video has often been a weak spot, especially when compared to iPhones. If this leak turns out to be accurate, the Pixel 10 might finally close that gap and give users a much smoother video experience. And the best part? This upgraded stabilisation tech is reportedly coming to the entire Pixel 10 Pixel 10 series is expected to include four models this year — the Pixel 10, Pixel 10 Pro, Pixel 10 Pro XL, and the Pixel 10 Pro Fold. While the design is likely to stick to familiar territory, leaked images hint at flat sides, a horizontal camera bar, and slim bezels, similar to what we saw on the Pixel 9 series. Colour options haven't been confirmed officially, but early leaks suggest we could see a fresh set of finishes to go along with the updated Google Pixel 10 will reportedly come in four shades: Iris, Limoncello, Midnight, and Ultra Blue. The Iris colourway is said to be the same as seen on the Pixel 9a. Expect the Midnight to be a dark grey finish, while the Ultra Blue option could offer a royal blue finish, akin to what we saw in the first-gen Pixel smartphone. As for Limencello, it is expected to be a mid-tone colour Both the Google Pixel 10 Pro and Pixel 10 Pro XL, are also expected to come in four colours: Light Porcelain, Midnight, Smoky Green, and Sterling Grey shades. Think of Light Poreclain as a off-white creamish shade. Smoky Green and Sterling Grey, as the names suggest, could be dark and light renditions of green and grey, the Google Pixel 10 Pro Fold will reportedly come in two colours: Smoky Green and Sterling the hood, the Pixel 10 phones are rumoured to run on Google's new Tensor G5 chip, which is said to be manufactured by TSMC. This could be a much-needed improvement after users complained about heating issues and inconsistent performance in earlier models. The new chip is expected to offer better power efficiency, improved thermal management and smoother day-to-day the software side, the Pixel 10 series is likely to launch with Android 16. Google is expected to double down on its AI-powered features this year. Leaks mention new tools like Sketch-to-Image, Speak-to-Tweak voice editing for photos, and even video editing using generative AI — all running interesting bit is the possible addition of a telephoto lens on the standard Pixel 10 model. So far, this has been exclusive to the Pro models, but if it comes to the standard version, it could be a big win for regular users who want more versatility without spending extra. On the flip side, some camera sensors — especially the ultra-wide — might see a downgrade, reportedly using the same sensors found on the Pixel 9a. But given how much Google relies on software to make photos look great, that might not be a major issue in real-world for the launch, multiple leaks point to an unveiling on August 13, with pre-orders starting the same day and shipments beginning August 20. That's around the same timeline Google followed last year. With less than two months to go, more details are expected to surface tuned to India Today Tech for all the latest on the Google Pixel 10 series.
Time of India
16 minutes ago
- Time of India
US stock market today: Wall Street steadies as Tesla bounces back from $150bn rout, all eyes on payroll data
US stock futures edged higher on Friday as markets awaited key labour data, while shares of Tesla rebounded following signs of de-escalation in the high-profile spat between CEO Elon Musk and President Donald Trump. Tired of too many ads? go ad free now Tesla's stock jumped 4.2% in premarket trade, clawing back some of the steep 15% loss it suffered on Thursday after Trump threatened to pull federal contracts from Musk-led companies. The selloff had erased around $150 billion in Tesla's market capitalization, shaking investor sentiment across Wall Street, reported Reuters. Aides close to the White House have reportedly scheduled a call between the president and Musk on Friday, according to Politico, a move expected to ease tensions after the public feud rattled both markets and the administration's industrial policy. All eyes on non-farm payrolls Investors are now focused on the US Labour Department's May payrolls report, due at 8:30 a.m. ET, to assess the strength of the job market and its potential influence on the Federal Reserve's next rate decision. 'Whether it's the ISM surveys, the ADP figures, or the jobless claims, the tone is clearly one of a weakening economic momentum,' said Julien Lafargue, chief market strategist at Barclays Private Bank. This week's soft economic indicators have stoked worries of a slowdown, as trade uncertainty continues to weigh on business sentiment. The Fed is widely expected to hold interest rates steady at its next meeting, but traders are now pricing in two rate cuts by year-end, with the first anticipated in September, according to LSEG data. Markets stabilise after volatile week At 7:00 a.m. ET, Dow futures were up 112 points (0.26%), S&P 500 futures rose 20.5 points (0.34%), and Nasdaq 100 futures gained 72.25 points (0.33%). The broader market was also buoyed by gains in most megacap and growth stocks. Tired of too many ads? go ad free now Amazon shares climbed 0.9%, while Broadcom slipped 2.9% after its AI chip revenue guidance missed investor expectations. Among other major movers, Lululemon shares plunged 21.1% after the sportswear brand slashed its annual profit forecast, citing rising costs linked to Trump's tariffs. Nike stock was down 1.3% in early trade. DocuSign tumbled 19.2% after disappointing Q1 results. The S&P 500 and Nasdaq both posted their best monthly gains since November 2023 in May, lifted by a softer trade stance from Trump and solid earnings across sectors. However, the S&P 500 remains about 3.3% below its all-time high set in February.
