IRS-authorized tax service eFile.com distributed malware for weeks — see if you're at risk
Malware was served up as a fake error message telling customers to update their browser
Filing your taxes electronically is certainly easier than doing so the old-fashioned way but taxpayers that used the tax preparation service eFile.com over the last few weeks could have been exposed to malware.
eFile.com is an IRS-authorized e-file service provider that’s used by many in the U.S. to file their tax returns. However, security researchers have discovered that the company’s website had been hosting a malicious JavaScript file for weeks after being hijacked by hackers.
The malicious JavaScript file is called ‘popper.js’ according to BleepingComputer and it was loaded on almost every page of eFile.com up until at least April 1st of this year. Fortunately, the file is no longer generating fake error messages which were used to distribute malware.
Hijacked website
In a Reddit post from March 17, a number of eFile.com users voiced their concerns that the company’s website may have been hijacked after an SSL error message began appearing on the site.
The fake error message said that “The site can’t be reached” while warning users that the current version of their browser “uses an unsupported protocol." It also contained a link that eFile.com customers could use to update their browser.
Instead of an actual browser update which are typically delivered inside the browser itself, this update contains another malicious JavaScript file called ‘update.js’. Users that did download it were then prompted to download the next stage payload as well, which was either update.exe for Google Chrome or installer.exe for Mozilla Firefox.
Security researchers at MalwareHunterTeam analyzed this fake update file and explained in a Twitter post that it was actually “Windows targeting malware” that could be used to power a botnet.
Sign up to get the BEST of Tom's Guide direct to your inbox.
Get instant access to breaking news, the hottest reviews, great deals and helpful tips.
At this time though, the full scope of the incident including how many eFile.com customers may have been successfully infected with malware is unknown. Likewise, the company has yet to release a statement on the matter.
However, the LockBit ransomware gang did say that it had hacked eFile.com back in January which would have given the cybercriminal group more than enough time to prepare and launch an attack on the company’s customers.
How to stay safe when filing your taxes online
If you did use eFile.com to prepare your tax return between March and April of this year, you may have accidentally installed malware on your Windows PC thinking your browser did require an update.
If this is the case, you can use the best antivirus software to thoroughly scan your system for any signs of a malware infection. It may also be worth signing up for one of the best identity theft protection services as they can help you regain lost funds in addition to recovering your identity.
Despite this recent attack on eFile.com, filing your taxes electronically is still the easiest way to do so for most people. However, you want to thoroughly research any tax service you plan on using and even if it costs a bit more, it’s worth going with a well-known provider like one from our list of the best tax software since so many personal and financial details are included when filing your taxes.
We’ll likely hear more about this incident once eFile.com decides to release a statement, though the company could be forced to issue a data breach notification to affected customers as well.
More from Tom's Guide
Anthony Spadafora is the managing editor for security and home office furniture at Tom’s Guide where he covers everything from data breaches to password managers and the best way to cover your whole home or business with Wi-Fi. He also reviews standing desks, office chairs and other home office accessories with a penchant for building desk setups. Before joining the team, Anthony wrote for ITProPortal while living in Korea and later for TechRadar Pro after moving back to the US. Based in Houston, Texas, when he’s not writing Anthony can be found tinkering with PCs and game consoles, managing cables and upgrading his smart home.