Hackers are using a modified Salesforce app to trick employees and extort companies, Google says
Hackers are tricking employees at companies in Europe and the Americas into installing a modified version of a Salesforce-related app, allowing the hackers to steal reams of data, gain access to other corporate cloud services and extort those companies, Google said on Wednesday.
The hackers – tracked by the Google Threat Intelligence Group as UNC6040 – have 'proven particularly effective at tricking employees' into installing a modified version of Salesforce's Data Loader, a proprietary tool used to bulk import data into Salesforce environments, the researchers said.
The hackers use voice calls to trick employees into visiting a purported Salesforce connected app setup page to approve the unauthorized, modified version of the app, created by the hackers to emulate Data Loader.
If the employee installs the app, the hackers gain 'significant capabilities to access, query, and exfiltrate sensitive information directly from the compromised Salesforce customer environments,' the researchers said.
The access also frequently gives the hackers the ability to move throughout a customer's network, enabling attacks on other cloud services and internal corporate networks.
Technical infrastructure tied to the campaign shares characteristics with suspected ties to the broader and loosely organized ecosystem known as 'The Com,' known for small, disparate groups engaging in cybercriminal and sometimes violent activity, the researchers said.
A Google spokesperson told Reuters that roughly 20 organizations have been affected by the UNC6040 campaign, which has been observed over the past several months. A subset of those organizations had data successfully exfiltrated, the spokesperson said.
A Salesforce spokesperson told Reuters in an email that 'there's no indication the issue described stems from any vulnerability inherent in our platform.' The spokesperson said the voice calls used to trick employees 'are targeted social engineering scams designed to exploit gaps in individual users' cybersecurity awareness and best practices.'
The spokesperson declined to share the specific number of affected customers, but said that Salesforce was 'aware of only a small subset of affected customers,' and said it was 'not a widespread issue.'
Salesforce warned customers of voice phishing, or 'vishing,' attacks and of hackers abusing malicious, modified versions of Data Loader in a March 2025 blog post.
Hashtags
Try Our AI Features
Explore what Daily8 AI can do for you:
Comments
No comments yet...
Related Articles
Motor 1
27 minutes ago
- Motor 1
Watch the Electric BMW M3 (Silently) Lap the Nürburgring
We knew it was coming: An electric BMW M3 . In February, we got our first glimpse of the EV performance car's battery and motors in action on an icy lake bed . Now, a new video shows a prototype of the electric M3 taking its talents to the Nürburgring. And doing so silently. A video shot by CarSpyMedia shows the new electric M3 tearing up the Green Hell. It may not be making any noise—other than tire squeal—but it looks like it's moving quickly as hell. The video is relatively short, but we get multiple angles of the new M3 in action, including some close-ups of the prototype on the road. The M-inspired camouflage does a decent job of hiding the M3's final looks, but we can still clearly see the car's extended fenders, aggressive bumper treatments, and the Neue Klasse design language. The overall shape gives off shades of the 2002, while the slim light fixtures and tiny kidney grilles are a far cry from the current G80 model. At least, they look much smaller under all that camouflage. So, how much power will this electric M3 produce? Unfortunately, the details are still pretty murky. BMW has previously suggested that an M3 with an electric powertrain could easily exceed 600 horsepower, with even more powerful 700-horsepower variants possible later in the vehicle's lifecycle. We won't know much about the electric M3 otherwise until we gets closer to the vehicle's debut date. We expect to see the electric 3 Series this year, but the M3 variant likely won't debut until sometime in 2026, before going on sale in 2027. The first vehicle to show off the brand's new Neue Klasse design language will be the iX3 electric SUV later this year. The Upcoming M3 EV BMW M3 Electric: Everything We Know Share this Story Facebook X LinkedIn Flipboard Reddit WhatsApp E-Mail Got a tip for us? Email: tips@ Join the conversation ( )
Android Authority
31 minutes ago
- Android Authority
Gemini now lets you schedule tasks ahead of time
Ryan Haines / Android Authority TL;DR Gemini now lets you automate routine tasks with its new scheduled actions feature. You can use it to schedule prompts to perform a task at a specific time, day, date, or after an event. The feature is available in the Gemini app for users with a Google AI Pro or Ultra subscription and qualifying Google Workspace business and education plans. Google has started rolling out Gemini's scheduled actions feature, which we spotted in a teardown earlier this year. As highlighted in the code strings, the feature allows users to automate routine tasks, similar to the scheduled tasks feature already available in ChatGPT. The scheduled actions feature will be available in the Gemini app starting today. Google says it will let users schedule prompts to perform tasks at a later date, time, or after an event. Users can utilize the feature to automate tasks like getting a summary of their calendar and unread emails every morning, generating five ideas for their blog every Monday, or staying updated on their favorite sports team. In addition to being useful for routine tasks, Gemini's scheduled actions will also come in handy for one-off tasks like getting a summary of an award show the day after it happens. Google adds that Gemini will allow users to transform prompts they're already using into recurring actions or manage existing actions within the new scheduled actions page in settings. Sadly, the scheduled actions feature isn't available for all Gemini users. It is limited to users with a Google AI Pro or Ultra subscription and qualifying Google Workspace business and education plans. Google may eventually make the feature available on Gemini's free tier, but there's no official confirmation yet. Got a tip? Talk to us! Email our staff at Email our staff at news@ . You can stay anonymous or get credit for the info, it's your choice.
Forbes
35 minutes ago
- Forbes
Android Circuit: OnePlus Pad 3 Revealed, e/OS/3 Updated, Android's Photoshop Mobile Arrives
2024's Samsung Galaxy Z Fold 6 Taking a look back at this week's news and headlines across the Android world, including Galaxy Z Fold 7 details, Pixel 10 and Pixel 10 Pro release dates, Phtoshop Mobile released, parental controls for e/OS/, OnePlus Pad 3 revealed, Nothing Phone (3) launch date, Google Photos' AI search paused, and Android 17 dates. Android Circuit is here to remind you of a few of the many discussions around Android in the last seven days. You can also read my weekly digest of Apple news here on Forbes. Samsung's summer Galaxy Unpacked event has been all about its foldable phones for many a year. 2025 will be no different, with the presumptively named Z Fold7 and Z Flip7 expected. Samsung is being coy about what exactly is being launched, but the company started the teaser trailers this week. A Fold form factor is definitely on its way, but perhaps with an exciting change: "The Fold 7 isn't directly named, but the blacked out teaser image clearly shows a Galaxy Fold silhouette. Digital Trends also received a press image with the file name 'Galaxy-Z-Fold7-Z-Flip7-Pre-tease-Bartype_1920x1080.gif.' As I say, the existence of the Fold 7 isn't a surprise, but the early teaser and the heavy hint of a bigger display is. It's worth saying that the press images I received had no revealing file names." (Forbes). Also due for a summer release is Google's flagship Pixel smartphones. The Pixel 10 family may get an early preview with some influencers, but for the rest of the world, the schedule is almost identical to last year: "Initial reports suggested an event on Aug 13, but signs now point to a Made By Google event one week later… The event will now take place on Wednesday, Aug 20, with the announced hardware going on retail sale on Thursday, Aug 28. While plans may change, Google is expected to announce four new handsets." (Forbes). Adobe's Photoshop Mobile is now available for Android devices. Bringing much of the functionality of the desk-bound original (including layering, masking and the popular Firefly-powered Generative Fill) . The Photoshop Mobile app is free to download, but some advanced features require a subscription through Adobe's Creative Cloud: "The idea behind Photoshop Mobile, seen in the months it's been on the iPhone, is that it enables open-ended creativity, so that you can start Photoshopping wherever inspiration strikes – no more having a blinding flash of creativity on the subway, say, and being unable to do anything about it until you can get to your computer." (Forbes). Built on he Android Open Source Project, and with a focus on privacy, the third version of popular alternative e/OS/ was released this week with several new features. One of the more interesting ones, parental protection, sits nicely alongside the privacy features: "For those with kids in the house, /e/OS 3.0 introduces refined parental controls that give guardians more control over app installations and screen time. Plus, apps rated as "PG" will now require a security code to install, giving guardians an extra layer of control over what their children can access. The security code can also be enabled for other applications on a device." (Its Foss News). While it was late to the Android tablet game, OnePlus has established itself as one of the leading innovators in the space. The latest iteration is the OnePlus Pad 3, and it leans heavily into the multimedia experience: "Measuring less than six millimeters thin, OnePlus Pad 3 has been developed with an all metal unibody design that ensures its super strong and bend resistant. It also features eight symmetrically placed speakers - four woofers and four tweeters - to give a truly immersive audio experience, while the newly redesigned rear camera, which has been moved from a central position to the corner, gives the OnePlus Pad 3 a fresh look for 2025. " ( Under the tagline 'Come to Play', Nothing Tech has confirmed the launch date for its next flagship smartphone. The Nothing Phone (3) actually launches after the Nothing Phone (3a) which arrived in march this year. There's no hints from the company on the phone' tandout features, but CEO Carl Pei has confirmed that Nothing's first Over-The_ear headphones will launch at the same event: "London-based technology company Nothing has announced today that it will unveil its highly anticipated true flagship smartphone, Phone (3), on 1 July at 18:00 BST. " ( Google is pausing one of it current AI features due to poor user experiences. No doubt 'Ask Photos' will return, but for now the enhanced search function has been switched off. "Google is pausing the rollout of its AI-powered 'Ask Photos' feature within Google Photos, which has been slowly expanding since last fall. 'Ask Photos isn't where it needs to be,' wrote Jamie Aspinall, a product manager for Google Photos, in a post on X responding to criticism, citing three factors: latency, quality, and user experience." (The Verge). Android 16 is arriving earlier than expected this year, with a rollout before the end of June expected. That tweak to the schedule looks to be a success as the early plans for Android 17 line up: "You won't have to wait that long to try out Android 17, though. With Android 16, Google released the first Developer Preview in November. If the company sticks to this release plan, we expect the first Android 17 Developer Preview builds to be released in November 2025." (Android Authority). Android Circuit rounds up the news from the Android world every weekend here on Forbes. Don't forget to follow me so you don't miss any coverage in the future, and of course, read the sister column in Apple Loop! Last week's Android Circuit can be found here, and if you have any news and links you'd like to see featured in Android Circuit, get in touch!
