Salesforce users might be being targeted by Dyre malware, which could steal user credentials to get access to data and further spread the virus.
A security partner to Salesforce indentified the malware that in the past has targeted banking credentials from financial institutions like Citigroup and Bank of America.
The malware is capable of monitoring and modifying network traffic, and is able to steal login data prior to its encryption.
Salesforce said in its blog: "We currently have no evidence that any of our customers have been impacted by this, and we are continuing our investigation.
"If we determine that a customer has been impacted by this malware we will reach out to them with next steps and further guidance."
It is not known how the malware could be spread into Salesforce users system, but previously the malware was spread through phishing emails.
The company has recommended that its users enable anti-malware tools capable of detecting Dyre, and add extra layers of protection through the use of SMS Identity Confirmation.
Salesforce also recommends customers activate IP range restrictions and make use of two factor authentication.