Malware Alert: Dyre steals Salesforce login credentials, and doesn’t even call you back

Does your company use the Salesforce CRM to track and manage leads and contacts? If so, your employees might just become the targets of a malware attack.

About one week ago, Salesforce published a Security Alert on the Dyre Malware. The alert stated that Salesforce security partners have discovered a variant of Dyre that can intercept Salesforce login credentials on infected computers when users log in to Salesforce.com.

Since June 2014, Dyre has been known for its ability to steal credentials from banking websites – most recently being served in a JP Morgan Chase phishing campaign. Dyre can technically intercept information from users interacting with any website, though. It would now seem that Salesforce.com has simply been added to the malware’s list.

Interestingly, this is not the first time Salesforce.com has entered malware’s crosshairs, either. In February 2014, a variant of Zeus was also found targeting the CRM.

How to Avoid a Dyre Situation

This latest incarnation of Dyre shows us that it isn’t just financial credentials that today’s computerized criminals are after. Any speck of information that can be stolen and squeezed for what it’s worth is fair game on underground markets. Salesforce credentials could, for example, be sold to competing companies.

To avoid Dyre, it is first important to realize that this is not a vulnerability on Salesforce.com.

It is simply a Trojan that infects computers and intercepts login credentials when they are entered into websites – Salesforce.com being the latest and greatest of the bunch. For companies that use the CRM, this means that compromise could occur whenever an employee logs in to Salesforce. Whether from work or at home, if the computer used to connect to the CRM is infected with Dyre, the credentials will be captured by the malware.

Emsisoft currently offers a number of anti-malware solutions that can preemptively detect Dyre to avoid infection and remove Dyre from infected machines. If you’ve reached this page because you heard about the recent Salesforce malware issue, you probably weren’t looking for another sales pitch, so instead we’ll simply offer this little reminder:

Don’t open attachments/click on links from mysterious contacts you don’t know!

Oh, and if you’re looking for an automated solution, why not try Emsisoft Anti-Malware for Business for free ;)

Have a nice (Dyre-free) day!