A variant of the infamous banking trojan Zeus has gone beyond targeting financial accounts, instead striving to collect another type of sensitive business data: customer information.

The variant, known as Dyre, is a banking trojan that first came to light in June when security companies warned that the Zeus knockoff found a way to bypass Web encryption, known as secure sockets layer (SSL). At the time, it targeted some of the largest global banks, such as Bank of America, Citibank, Natwest, RBS, and Ulsterbank. A recent version of Dyre, however, has begun targeting Salesforce, a popular cloud service for storing customer information, according to analyses.

Other cloud services could just as easily be targeted, according to security firm Adallom.

"We currently believe this threat is not specific or limited to Salesforce which is both good and bad news," Ami Luttwak, chief technology officer and founder of Adallom, stated in a blog post. "Dyre is a tool that can be used to steal credentials and information from any website."

Malware tends to focus on grabbing banking credentials, as compromised accounts have the possibility of being turned into quick cash. But financial institutions have made it harder on online thieves, adding a variety of defenses to detect suspicious transactions. It's unclear, however, whether the criminals see a legitimate market in corporate customer information or if the data is just another way to better steal money from bank accounts, Luttwak said.

"Since the package contains a list of URLs being targeted, it looks like the creators of this variant simply added Salesforce.com URLs to the target list because it was easy—but unlike banking credentials, we’re not currently aware of any cybercrime stores selling Salesforce.com credentials, which is a telling indicator," he said.

It's not the first time that Salesforce has been targeted. In February, another Zeus variant stole corporate data through a compromised system whose user had logged into the cloud service, according to Adallom.

Salesforce alerted its customers over the weekend that a malicious program, alternately known as Dyre or Dyreza, started targeting users of the firm's customer-relationship management service, searching for credentials on compromised systems. Salesforce acknowledged that it became a target for attackers but denied that its customers had yet been impacted.

"We currently have no evidence that any of our customers have been impacted by this, and we are continuing our investigation," Salesforce said in a statement. "If we determine that a customer has been impacted by this malware, we will reach out to them with next steps and further guidance."