Hackers abuse modified Salesforce app to steal data, extort companies, Google says

The hackers use voice calls to trick employees into visiting a purported Salesforce connected app setup page to approve the unauthorized, modified version of the app, created by the hackers to emulate Data Loader. If the employee installs the app, the hackers gain "significant capabilities to access, query, and exfiltrate sensitive information directly from the compromised Salesforce customer environments," the researchers said.