Malware Targeting Salesforce Users'Dyre' Trojan Outlined in Alert to Customers
Salesforce.com, a cloud-based customer relationship management provider, warns that malware known as Dyre is targeting certain customers. The company sees no evidence that any users have been impacted.
See Also: Autonomous Response: Threat Report
In an e-mail sent to Salesforce.com users Sept. 6, the company explains it was notified on Sept. 3 by its security partners that Dyre was targeting some Salesforce.com users. The e-mail describes Dyre as a malware "which typically targets customers of large, well-known financial institutions."
The news follows an Aug. 21 blog by online security firm Proofpoint that detailed a large-scale credential phishing scheme aimed at JPMorgan Chase customers using the Dyre banking Trojan (see: Alleged Bank Hack Tied to Phishing?).
Salesforce.com says it is continuing its investigation. If it's determined customers are impacted by the malware, the company will reach out to them with next steps and further guidance, the e-mail says.
"This is not a vulnerability within Salesforce," the e-mail says. "It is malware that resides on infected computer systems and is designed to steal user log-in credentials," Salesforce says.
The company recommends that customers work with their IT security team to ensure their security controls are able to detect the Dyre malware. Those who believe they've been infected by the Dyre malware can open a security support case with Salesforce.