Hackers wiped out this popular tax prep software as filing deadline looms

The IRS-authorized tax preparation software service eFile.com recently suffered a JavaScript malware attack in the middle of tax season, according to BleepingComputer.

The malicious JavaScript file has been identified as popper.js and has been observed by eFile.com users as well as by security researchers. The malware is believed to have surfaced on the service around mid-March and was being loaded by “almost every page of eFile.com, at least up until April 1st,” the publication added.

SSL error shown by eFile.com (u/SaltyPotter on Reddit).

Encountering this infected JavaScript on eFile.com would likely result in seeing a broken link, which is returned by infoamanewonliag[.]online. Users of the service began discussing the possibility of an attack on Reddit on March 17, noting that an SSL error message they were receiving appeared to be fake.

Researchers confirmed that the errors were indicative of a malware attack and connected them to a second malicious JavaScript file, update.js. This file prompted users to download a payload, which varied depending on the browser being used: update.exe for Chrome or installer.exe for Firefox (both samples are on VirusTotal).

Having conducted its own research on the malware, BleepingComputer learned that the bad actors orchestrating the attack did so from a Tokyo-based IP address, 47.245.6.91, that was likely hosted with Alibaba. The publication also connected the IP address to the infoamanewonliag[.]online domain, which is also associated with the attacks.

BleepingComputer was able to study a sample of the malware script, written in PHP, that was uncovered by the security research group MalwareHunterTeam. The publication determined that the script is a “backdoor malware” that lets hackers control infected devices remotely. Once a device is infected, the PHP script runs in the background and connects to a control server every ten seconds to carry out whatever actions the bad actor wants.
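A fixed ten-second check-in like the one described above is something defenders can look for in outbound-connection logs. The following is an added example, not code from the article or from BleepingComputer; the log format, host names, documentation-range addresses and thresholds are all assumptions made for illustration.

```python
from collections import defaultdict
from statistics import mean, pstdev

BASE = 1680512400  # arbitrary epoch second used for the constructed sample


def build_sample():
    """Constructed log lines: 'epoch_seconds src_host dst_ip' (all values made up)."""
    offsets = {
        ("ws-014", "203.0.113.10"): [0, 10, 20, 31, 40, 50, 61, 70, 80, 90],  # steady ~10 s
        ("ws-022", "198.51.100.7"): [0, 3, 4, 47, 52, 130, 131, 300, 305, 420],  # browsing
        ("ws-030", "192.0.2.44"): [0, 1, 20, 21, 40, 41, 60, 61],  # bursty, mean near 10 s
    }
    return [f"{BASE + s} {src} {dst}" for (src, dst), secs in offsets.items() for s in secs]


def find_beacons(lines, interval=10.0, tolerance=2.0, max_jitter=1.5, min_events=6):
    """Return src/dst pairs whose connection gaps cluster tightly around `interval`."""
    seen = defaultdict(list)
    for line in lines:
        parts = line.split()
        if len(parts) != 3:
            continue  # skip malformed lines instead of failing the whole run
        ts, src, dst = parts
        seen[(src, dst)].append(float(ts))

    hits = []
    for (src, dst), stamps in seen.items():
        if len(stamps) < min_events:
            continue  # too few connections to judge periodicity
        stamps.sort()
        gaps = [b - a for a, b in zip(stamps, stamps[1:])]
        avg, jitter = mean(gaps), pstdev(gaps)
        # Both conditions matter: the right average alone also matches bursty traffic.
        if abs(avg - interval) <= tolerance and jitter <= max_jitter:
            hits.append({"src": src, "dst": dst, "events": len(stamps),
                         "mean_gap": round(avg, 2), "jitter": round(jitter, 2)})
    return hits


if __name__ == "__main__":
    for hit in find_beacons(build_sample()):
        print(hit)
```

Only the steady ten-second pair is reported; the bursty host has a similar average gap but is rejected on jitter.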

Despite the malware being a “basic backdoor,” there is a lot of potential for bad actors to use it for very bad purposes including stealing credentials, or stealing data for extortion, the publication noted.

MalwareHunterTeam criticized eFile.com for not addressing the attack for several weeks. It has since been resolved; however, the extent of its impact remains unknown.

Fionna Agomuoh
Fionna Agomuoh is a technology journalist with over a decade of experience writing about various consumer electronics topics…