2 min read

Dyre malware targets millions of Salesforce users, stealing passwords and bypassing 2FA

Graham CLULEY

September 12, 2014

Dyre malware targets millions of Salesforce users, stealing passwords and bypassing 2FA

We’re all used to the idea of malware which snoops upon our online banking, attempting to steal our login credentials to help hackers gain access to our bank accounts.

Many of us are also aware of spyware trojan horses that target users of other websites, including popular webmail services or social networks, in the hope of plundering private information or using the platforms as a springboard for other attacks and committing fraud.

But sadly there are other online services which are catching the attention of cybercriminals because of the treasure trove of information they contain.

Late last week, the immensely popular cloud-based CRM Salesforce issued a security warning to its millions of business users about the Dyre malware, which is attempting to steal login credentials from Salesforce’s many customers.

Part of the advisory read:

On September 3, 2014, one of our security partners identified that the Dyre malware (also known as Dyreza), which typically targets customers of large, well-known financial institutions, may now also target some Salesforce users. We currently have no evidence that any of our customers have been impacted by this, and we are continuing our investigation. If we determine that a customer has been impacted by this malware, we will reach out to them with next steps and further guidance.

This is not a vulnerability within Salesforce. It is malware that resides on infected computer systems and is designed to steal user log-in credentials and resides on infected customer systems.

The advisory went on to offer sensible advice about how users could strengthen their accounts’ security, by restricting the IP range of computers which were allowed to access accounts, and enabling two-factor authentication.

Interestingly, whoever created the Dyre malware was obviously keen to break into Salesforce accounts even if they were already protected by two-factor authentication.

As SC Magazine reports, if the Dyre malware has already infected a targeted computer it will redirect attempts to visit the genuine Salesforce website by taking users to a copycat site instead.

The bogus site grabs victims’s username and passwords, and then cunningly simultaneously logs into the genuine Salesforce website at the same time as the user tries to log into the false one, by intercepting the victim’s one-time password.

That’s a level of effort that malware authors would normally only go to for, say, a banking website.

Clearly these criminals are keen to get their hands on confidential business information, either for their own ends or to sell it on to others.

Fortunately, according to VirusTotal, most of the major anti-virus products are now able to detect the malware (which is also known as Dyreza) – including Bitdefender which protects against it generically as Trojan.GenericKD.1762927.

Salesforce says it will reach out to any customers who it believes has been affected by the malware.

tags


Author



Right now

Top posts

Watch Out for These Ongoing Bank of America Phishing Campaigns Targeting Customers in the US

Watch Out for These Ongoing Bank of America Phishing Campaigns Targeting Customers in the US

July 16, 2021

3 min read
How to protect yourself against cyberstalking

How to protect yourself against cyberstalking

July 06, 2021

2 min read
The Top Five Security Risks Smartphone Users Face Today

The Top Five Security Risks Smartphone Users Face Today

July 02, 2021

4 min read
Phishing Alert: Scammers Use Fake SharePoint and DocuSign Messages to Steal Users’ Login Credentials

Phishing Alert: Scammers Use Fake SharePoint and DocuSign Messages to Steal Users’ Login Credentials

July 02, 2021

3 min read
Your Doxxing Dossier Will Keep Growing Thicker Until You See the Danger

Your Doxxing Dossier Will Keep Growing Thicker Until You See the Danger

June 30, 2021

2 min read
Mobile security threats: reality or myth?

Mobile security threats: reality or myth?

June 13, 2021

3 min read

FOLLOW US ON

SOCIAL MEDIA


You might also like

Fraud Family cybercrime ring under the spotlight as arrests made in the Netherlands Fraud Family cybercrime ring under the spotlight as arrests made in the Netherlands
Graham CLULEY

July 23, 2021

3 min read
Homoglyph domains used in BEC scams shut down by Microsoft Homoglyph domains used in BEC scams shut down by Microsoft
Graham CLULEY

July 22, 2021

3 min read
China Sets Up New Worrying Vulnerability Disclosure Rules China Sets Up New Worrying Vulnerability Disclosure Rules
Silviu STAHIE

July 20, 2021

1 min read