Hackers are using a modified Salesforce app to trick employees and extort companies, Google says
The hackers – tracked by the Google Threat Intelligence Group as UNC6040 – have 'proven particularly effective at tricking employees' into installing a modified version of Salesforce's Data Loader, a proprietary tool used to bulk import data into Salesforce environments, the researchers said.
The hackers use voice calls to trick employees into visiting a purported Salesforce connected app setup page to approve the unauthorized, modified version of the app, created by the hackers to emulate Data Loader.
If the employee installs the app, the hackers gain 'significant capabilities to access, query, and exfiltrate sensitive information directly from the compromised Salesforce customer environments,' the researchers said.
The access also frequently gives the hackers the ability to move throughout a customer's network, enabling attacks on other cloud services and internal corporate networks.
Technical infrastructure tied to the campaign shares characteristics with suspected ties to the broader and loosely organized ecosystem known as 'The Com,' known for small, disparate groups engaging in cybercriminal and sometimes violent activity, the researchers said.
A Google spokesperson told Reuters that roughly 20 organizations have been affected by the UNC6040 campaign, which has been observed over the past several months. A subset of those organizations had data successfully exfiltrated, the spokesperson said.
A Salesforce spokesperson told Reuters in an email that 'there's no indication the issue described stems from any vulnerability inherent in our platform.' The spokesperson said the voice calls used to trick employees 'are targeted social engineering scams designed to exploit gaps in individual users' cybersecurity awareness and best practices.'
The spokesperson declined to share the specific number of affected customers, but said that Salesforce was 'aware of only a small subset of affected customers,' and said it was 'not a widespread issue.'
Salesforce warned customers of voice phishing, or 'vishing,' attacks and of hackers abusing malicious, modified versions of Data Loader in a March 2025 blog post.
Hashtags
Try Our AI Features
Explore what Daily8 AI can do for you:
Comments
No comments yet...
Related Articles
Yahoo
20 minutes ago
- Yahoo
UK Inflation Shocker: Why the BOE's Rate Cuts May Be Off the Table
This article first appeared on GuruFocus. While inflation has cooled across much of the developed world, the UK is proving stubborn. Consumer prices jumped 3.8% year-on-year in July and are expected to breach 4% by Septemberdouble the Bank of England's 2% target. The BOE has already slashed interest rates five times, trimming them to 4% from last year's 5.25% peak. But that hasn't been enough to rein in prices. Core drivers? Surging energy bills, labor costs, and a 26 billion payroll tax rolled out in Aprilall of which are pushing up input costs for businesses, many of whom are passing them on. Warning! GuruFocus has detected 5 Warning Signs with NVDA. Underneath the surface, the structural headwinds look even more problematic. UK productivity shrank 1% in Q2 compared to last year, putting the country behind most of its G7 peers. Add in lingering Brexit-related trade frictions and food prices that are now nearly 40% higher than pre-pandemic levels, and it becomes harder to argue this is just a cyclical inflation blip. Some pressures, like the summer airfare spike, may prove temporarybut the BOE remains on edge about second-round effects as workers continue to seek higher pay to shield themselves from the cost-of-living squeeze. Markets still expect a cut to 3.75% in November, but the BOE may hold back if wage growth doesn't cool as expected. For investors, this means uncertainty lingersparticularly for UK-linked consumer names and housing-sensitive sectors. Even global players like Tesla (NASDAQ:TSLA), which has exposure to the UK market, could feel ripple effects if inflation stays sticky and rate cuts get delayed. The BOE isn't calling the peak yetand neither should the market.
Android Authority
22 minutes ago
- Android Authority
Google's not done yet, with a new Android Canary release arriving for testers
Adamya Sharma / Android Authority TL;DR Google started its Android Canary program earlier this summer. So far that's meant a new Canary release on roughly a monthly cadence. Today Android Canary 2508 has landed for users interested in trying it out. Google, you do know that other days of the week exist, right? Because so far this Wednesday, Google has been getting stuff done like it's planning to shut down operation at the end of the day ahead of a nice, long four-day weekend. A few hours back, we were watching the Pixel 10 be unveiled at the company's Made by Google event, and nearly as soon as that was done we were getting our first taste of Android 16 QPR2. As if that didn't already represent 110% of our daily recommend Android dosage, now Google's got a new Android Canary release incoming. Don't want to miss the best from Android Authority? Set us as a preferred source in Google Search to support us and make sure you never miss our latest exclusive reports, expert analysis, and much more. Google got its new Canary program rolling back in June, and followed that up about a month ago with its July release. Now Google has some more Canary action for us, as we get our hands on Android Canary 2508, with a build ID of ZP11.250728.008. Right now we haven't seen any breakdown of what changes to expect, but knowing Android Canary releases, there's a good chance we might finally get our first opportunity to try out a couple new features we may have only spotted early code references to so far. And while there's a good likelihood not everything's going to be working the way we'd hope, we'll just be happy to try stuff out and get an update on how development is coming along. Android Canary 2508 is available for Pixel 6 and newer devices. If you're already running Canary, this one should be hitting your phone soon via OTA update, or you can always flash it directly if you're looking to get started with the program. We'll be working our way through today's release and sharing what we're able to reveal, so keep checking in with Android Authority so you don't miss any of our finds. Follow
Android Authority
22 minutes ago
- Android Authority
The Pixel 10 Pro has the display upgrade your poor eyes have been begging for
Rita El Khoury / Android Authority TL;DR The Pixel 10 Pro series introduces a new 'sensitive eyes' setting that doubles its display PWM rate to 480Hz. The option is limited to the Pro models, with partial support on the Pro Fold, and none on the base Pixel 10. This is Google's first significant step toward helping flicker-sensitive users, but it could go further. OLED screens are great for deep blacks and rich colors, but they also have a hidden flicker problem. It's caused by PWM dimming, where displays rapidly turn on and off to control brightness. While invisible to the naked eye in most cases, it can trigger eye strain, headaches, or worse for flicker-sensitive users. Google is taking steps to address this issue with the Pixel 10 series. Don't want to miss the best from Android Authority? Set us as a preferred source in Google Search to support us and make sure you never miss our latest exclusive reports, expert analysis, and much more. Back in June, we exclusively reported that Google was preparing to tackle this on the Pixel 10 Pro and Pro XL with a new 480Hz PWM dimming option. Android Central has now seen the feature in action during a Pixel 10 hands-on, confirming that the Pro models include an accessibility setting called 'Adjust brightness for sensitive eyes.' Switching it on apparently doubles the PWM rate from 240Hz to 480Hz, which should help ease strain for some. The Pixel 10 Pro Fold supports the option only on its inner display, while the base Pixel 10 misses out entirely. It's an overdue step forward, but Google still has some catching up to do. Competitors are already offering far higher rates, with OnePlus topping out at 2,160Hz, and HONOR going up to 4,320Hz. Research suggests those higher values are far more effective at eliminating flicker altogether. So while this isn't the leap some were hoping for, it's at least the first meaningful change Google has made on this front in years. Follow
