
Many legitimate applications exist outside the Apple App Store and Google Play Store. However, it’s generally safer to download from these official platforms. This caution is underscored by recent findings from Google researchers regarding a malicious campaign in which hackers manipulate employees into installing a modified version of the Salesforce application. Google’s Threat Intelligence Group has identified a hacker group known as “The Com” that exploits company personnel by tricking them into using this altered Salesforce app.

Through this modified app, hackers can gather sensitive information, which they later use in extortion schemes. Austin Larsen, a principal threat analyst at Google, highlighted the seriousness of the situation, noting that some organizations targeted by the group experienced data breaches. In some cases, extortion demands were made months after the initial breach, suggesting that the hackers may collaborate with other actors to monetize stolen data. The scam typically operates through a voice call to employees, who are deceived into visiting a fraudulent Salesforce app setup page.

There, they are asked to approve the deceptive app. This manipulation not only compromises sensitive data but also permits attackers to navigate through the company’s network. This access can lead to further assaults on various aspects of the company, including cloud services and internal networks. In response to these developments, Salesforce has stated that there is no evidence suggesting a vulnerability in its platform.

While the company did not disclose how many clients may have fallen victim to this social engineering tactic, it gave assurances that this is “not a widespread issue.” Nevertheless, Salesforce is advising its customers to be cautious about potential voice phishing scams and the threat posed by malicious versions of Data Loader. According to Google, approximately 20% of organizations have been targeted by this campaign.
