Skip to main content
  1. Home
  2. Computing
  3. News

Hackers wiped out this popular tax prep software as filing deadline looms

By

The IRS-authorized tax preparation software service eFile.com recently suffered a JavaScript malware attack in the middle of tax season, according to BleepingComputer.

The nefarious JavaScript file has been identified as popper.js and has been observed by eFile.com users as well as by security researchers. The malware is believed to have surfaced on the service around mid-March and has interacted with “almost every page of eFile.com, at least up until April 1st,” the publication added.

SSL error shown by eFile.com (u/SaltyPotter on Reddit).
Image used with permission by copyright holder

Encountering this infected JavaScript on eFile.com would likely result in seeing a broken link, which is returned by infoamanewonliag[.]online. Users of the service began discussing the possibility of an attack on Reddit on March 17, noting that an SSL error message they were receiving appeared to be fake.

Recommended Videos

Researchers confirmed that the errors were indicative of a malware attack, also connecting them to the JavaScript malware file update.js. This file acted in the malware as the cue to make users download the file, and can ultimately vary depending on the browser being used, such as [update.exe – VirusTotal] for Chrome or [installer.exe – VirusTotal] for Firefox.

Related: 
Best new movies to stream on Netflix, Hulu, Prime Video, Max (HBO), and more

Having conducted its own research on the malware, BleepingComputer learned that the bad actors orchestrating the malware did so from a Tokyo-based IP address, 47.245.6.91 that was likely hosted with Alibaba. The publication also connected the IP address to the infoamanewonliag[.]online domain, which is also associated with the attacks.

BleepingComputer was able to study a sample of the malware script that was uncovered by the Security research group, MalwareHunterTeam, which was written in PHP. The publication determined that the script is a “backdoor malware” that lets hackers control infected devices remotely. Once infected, the PHP script runs in the background, allowing the malware to connect to a device from a control server every ten seconds to perform whatever nefarious actions the bad actor wants.

Despite the malware being a “basic backdoor,” there is a lot of potential for bad actors to use it for very bad purposes including stealing credentials, or stealing data for extortion, the publication noted.

MalwareHunterTeam criticized eFile.com for not addressing the attack for several weeks. It has since been resolved; however, the extent of its impact remains unknown.

Fionna Agomuoh
Fionna Agomuoh
Computing Writer
Fionna Agomuoh is a Computing Writer at Digital Trends. She covers a range of topics in the computing space, including…
Topics
Looking for an OLED laptop? Get the Samsung Galaxy Book4 Ultra at $400 off
The screen of the Galaxy Book4 Ultra.

While Samsung Galaxy deals are often linked to smartphones and tablets, you can also score huge discounts on other types of devices. For example, you can currently buy the Samsung Galaxy Book4 Ultra at $400 off from Samsung itself, which brings its price down from $2,400 to $2,000. This premium laptop isn't going to stay on sale for long though, so if you're interested in this bargain, you need to push forward with your purchase as soon as you can to make sure you pocket the savings.

Why you should buy the Samsung Galaxy Book4 Ultra laptop

Read more
This iBuyPower gaming PC with 16GB of RAM is on sale for $830
The iBuyPower Element SE gaming PC on a white background.

For gaming PC deals that will give you excellent value, you should check out iBuyPower offers. Here's one from Best Buy: the iBuyPower Element SE gaming desktop at $100 off, which pulls its price down from $930 to $830. Gamers who are looking for a gaming PC for less than $1,000 won't want to miss this bargain, but you're going to have to hurry if you're interested because there's no assurance that the discount will still be online by tomorrow.

Why you should buy the iBuyPower Element SE gaming PC

Read more
The Dell XPS 13 and XPS 14 are both on sale at $300 off — hurry!
Angled front view of the Dell XPS 13 with Snapdragon X Elite processor inside.

Are you in the market for a new laptop? You simply can't go wrong with any of the Dell XPS deals that are available, and we've identified two of the best ones you can shop right now. The Dell XPS 13 9350, originally sold for $1,400, is down to $1,100 for savings of $300, while the Dell XPS 14 9440, which has a sticker price of $1,560, is on sale for $1,260, also following a $300 discount.

Following the Dell XPS reset early last year, the Dell XPS 13 and the Dell XPS 14 have further blossomed in popularity. That means you'll have to act fast if you're interested in either of these laptop deals though, as the stocks up for sale may run out at any moment.

Read more