Watch out! Tax-filing platform eFile.com got caught red-handed spreading malware to unsuspecting users, according to cybersecurity investigators (h/t Bleeping Computer).
Adding salt to injury, eFile.com is touted as a free, IRS-approved tax-filing service provider, giving users a false sense of security. As it turns out, researchers discovered that eFile.com hosted a malicious JavaScript file on its website for weeks.
Authenticating the researchers’ findings, Bleeping Computer said that it, too, spotted the aforementioned malicious JavaScript file across eFile.com’s webpages. The ill-intentioned file in question is called “popper.js.”
What did it do? Well, according to PCWorld, it loaded a legitimate-looking faux error page instructing users to install a browser update. But of course, it’s not a real browser update — it’s a trojan designed to deliver your PC a gnarly serving of malware (a Windows-based botnet attack, to be specific).
The issue was present on eFile.com since March 17, according to Johannes Ullrich, a security researcher from SANS Technology Institute. Ullrich added that only two malware scanners flagged the malware: Crowdstrike Falcon and Cynet.
It’s worth noting that eFile.com was reportedly hijacked two weeks ago, according to security research group MalwareHunterTeam (MHT). But that’s no excuse; MHT is still putting its foot on eFile.com’s neck for not sweeping out the mess.
“So, the website of (efile[.]com), ‘is an IRS authorized e-file provider’ got compromised at least around middle of March & still not cleaned,” MalwareHunterTeam tweeted on April 3.
As of this writing, eFile.com has not released a statement about the malware findings discovered on its website. The moral of the story? Stick to TurboTax and H&R Block.