Google warns of a fake Salesforce app being used for hacking and extortion.

Google's researchers have found a scheme where hackers trick company workers into downloading a modified version of the Salesforce app.


They discovered a group called "The Com" that pulls this off by fooling employees into using the altered Salesforce application.


The modified app lets the hackers grab sensitive info, which they then use to extort the victims, according to a report from "androidheadlines" that "Qera Tech" also reviewed. Austin Larsen, a senior threat analyst with Google’s Threat Intelligence team, said that "the data extraction worked for some of the organizations that were hit by UNC6040. In some instances, these extortion requests came several months after UNC6040 initially broke in."


He also pointed out that "this might mean that UNC6040 has teamed up with another hacker to make money off the stolen data."


The scam typically starts with a phone call to the company's employees.


During the call, the hackers lead these employees to a fake setup page that looks like it’s linked to Salesforce.


On this page, employees are nudged into allowing the fake app to be installed. Beyond the theft of sensitive info, the breach also gives the attackers access to the company’s network.


This lets them go after other parts of the company, including its cloud services and internal systems.


In response to the report, Salesforce said there’s no proof of a security hole in its platform.


The company didn’t share how many customers might have fallen victim to this trick but stressed it’s "not a widespread issue."


Right now, Salesforce is alerting its clients about possible voice phishing scams that involve dodgy versions of Data Loader.


Still, a Google spokesperson estimated that around 20% of organizations have been hit by this campaign.