Skip to main content
  1. Home
  2. Computing
  3. News

Hackers wiped out this popular tax prep software as filing deadline looms

Add as a preferred source on Google

The IRS-authorized tax preparation software service eFile.com recently suffered a JavaScript malware attack in the middle of tax season, according to BleepingComputer.

The nefarious JavaScript file has been identified as popper.js and has been observed by eFile.com users as well as by security researchers. The malware is believed to have surfaced on the service around mid-March and has interacted with “almost every page of eFile.com, at least up until April 1st,” the publication added.

SSL error shown by eFile.com (u/SaltyPotter on Reddit).
Image used with permission by copyright holder

Encountering this infected JavaScript on eFile.com would likely result in seeing a broken link, which is returned by infoamanewonliag[.]online. Users of the service began discussing the possibility of an attack on Reddit on March 17, noting that an SSL error message they were receiving appeared to be fake.

Recommended Videos

Researchers confirmed that the errors were indicative of a malware attack, also connecting them to the JavaScript malware file update.js. This file acted in the malware as the cue to make users download the file, and can ultimately vary depending on the browser being used, such as [update.exe – VirusTotal] for Chrome or [installer.exe – VirusTotal] for Firefox.

Having conducted its own research on the malware, BleepingComputer learned that the bad actors orchestrating the malware did so from a Tokyo-based IP address, 47.245.6.91 that was likely hosted with Alibaba. The publication also connected the IP address to the infoamanewonliag[.]online domain, which is also associated with the attacks.

BleepingComputer was able to study a sample of the malware script that was uncovered by the Security research group, MalwareHunterTeam, which was written in PHP. The publication determined that the script is a “backdoor malware” that lets hackers control infected devices remotely. Once infected, the PHP script runs in the background, allowing the malware to connect to a device from a control server every ten seconds to perform whatever nefarious actions the bad actor wants.

Despite the malware being a “basic backdoor,” there is a lot of potential for bad actors to use it for very bad purposes including stealing credentials, or stealing data for extortion, the publication noted.

MalwareHunterTeam criticized eFile.com for not addressing the attack for several weeks. It has since been resolved; however, the extent of its impact remains unknown.

Fionna Agomuoh
Fionna Agomuoh is a Computing Writer at Digital Trends. She covers a range of topics in the computing space, including…
I let Radial menu take over my Mac, and I’m never going back
One mouse jiggle, endless shortcuts. My Mac has never felt this fast.
Radial app running on Mac

I have been testing Radial for the past week, and it's quickly become one of those apps I didn’t know how I could live without. It's a radial menu for macOS that puts your shortcuts, scripts, and automations right where your cursor is, so you never have to go hunting through menus to find what you need.

The app just received its 5.0 update, adding AI actions powered by Claude, window layouts, variables, a redesigned settings interface, a new Atmosphere background effect, and a squircle menu shape. I got to try most of these, and here's what I found.

Read more
Android desktop mode made me miss my laptop in record time
I tried writing and publishing from Google’s phone-to-monitor setup, and the future of mobile computing immediately started sweating.
Computer, Electronics, Laptop

Android 17 desktop mode has a very simple pitch. Plug your phone into a monitor, add a keyboard and mouse, and watch the slab in your pocket pretend to be a computer. I wanted to give that pitch a fair shot, so I tried using it for an actual workday instead of a cute demo.

The goal was boring on purpose: write an article, edit it, build the page in WordPress, upload whatever needed uploading, and publish the thing without running back to my laptop like a coward.

Read more
As AI turbocharges digital abuse, UK agencies urge parents to limit who sees kids’ photos online
The National Crime Agency and Internet Watch Foundation are asking parents to tighten privacy settings as AI-generated abuse material rises.
Social Media

Parents who post pictures of their kids online are being told to rethink the habit. The UK's National Crime Agency and the Internet Watch Foundation have issued new guidance urging families to lock down their social media accounts, warning that publicly shared photos are increasingly being pulled and altered by AI tools to create child sexual abuse material.

The two organizations say most parents have no idea this is happening. Criminals no longer need to contact a child directly to generate such material. They can scrape an ordinary photo and run it through widely available nudify apps.

Read more