September 8, 2014 | BY Jérôme Segura
The threat known as Dyre was originally spotted by security firm CSIS and by PhishMe which also had uncovered the new malware earlier in June.
Back then, the threat was aimed at banks and other financial institutions, something very reminiscent of other banking Trojans such as Zeus and its variants.
But researchers discovered that the malware is now capable of capturing login credentials from Salesforce users by redirecting them through a phishing website.
Dyre will initially infect users through some form of social-engineering, typically with an email that contains a malicious attachment. Once on the system, the malware can act as a man-in-the-middle and intercept every single keystroke. To be clear, this is not a vulnerability with Salesforce or its website, but rather a type of malware that leverages compromised end-point machines.