
Hackers wiped out this popular tax prep software as filing deadline looms

The IRS-authorized tax preparation software service eFile.com recently suffered a JavaScript malware attack in the middle of tax season, according to BleepingComputer.

The nefarious JavaScript file has been identified as popper.js and has been observed by eFile.com users as well as by security researchers. The malware is believed to have surfaced on the service around mid-March and has interacted with “almost every page of eFile.com, at least up until April 1st,” the publication added.

SSL error shown by eFile.com (u/SaltyPotter on Reddit).

Encountering this infected JavaScript on eFile.com would likely result in seeing a broken link, which is returned by infoamanewonliag[.]online. Users of the service began discussing the possibility of an attack on Reddit on March 17, noting that an SSL error message they were receiving appeared to be fake.

Researchers confirmed that the errors were indicative of a malware attack, also connecting them to the malicious JavaScript file update.js. This file serves as the prompt that gets users to download the payload, which varies depending on the browser being used, such as update.exe (VirusTotal) for Chrome or installer.exe (VirusTotal) for Firefox.

Having conducted its own research on the malware, BleepingComputer learned that the bad actors behind it operated from a Tokyo-based IP address, 47.245.6.91, that was likely hosted with Alibaba. The publication also connected the IP address to the infoamanewonliag[.]online domain, which is also associated with the attacks.

BleepingComputer was able to study a sample of the malware script, written in PHP, that was uncovered by the security research group MalwareHunterTeam. The publication determined that the script is a “backdoor malware” that lets hackers control infected devices remotely. Once a device is infected, the PHP script runs in the background and connects to a control server every ten seconds to perform whatever nefarious actions the bad actor wants.
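The ten-second check-in described above gives defenders a cadence to look for in proxy or firewall logs. The following is an added example, not code from BleepingComputer or the original article, that flags clients contacting the article's indicators at that interval; the log format, client addresses and thresholds are assumptions, and the sample lines are constructed.

```python
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Indicators named in the article, kept defanged and refanged at match time.
IOCS = ("47.245.6.91", "infoamanewonliag[.]online")
BEACON_SECONDS = 10  # check-in interval the article reports for the backdoor
# Constructed sample log (not real telemetry): "timestamp client destination"
SAMPLE_LOG = """\
2023-03-20T09:00:00 10.0.0.5 47.245.6.91
2023-03-20T09:00:03 10.0.0.7 www.example.org
2023-03-20T09:00:10 10.0.0.5 47.245.6.91
2023-03-20T09:00:20 10.0.0.5 47.245.6.91
2023-03-20T09:00:31 10.0.0.5 47.245.6.91
2023-03-20T09:00:40 10.0.0.5 47.245.6.91
2023-03-20T09:02:00 10.0.0.9 infoamanewonliag[.]online
garbled line
"""

def refang(host):
    return host.lower().replace("[.]", ".")

def parse(log_text):
    """Yield (datetime, client, destination), skipping malformed lines."""
    for line in log_text.splitlines():
        parts = line.split()
        try:
            ts, client, dest = parts
            yield datetime.fromisoformat(ts), client, refang(dest)
        except ValueError:
            continue

def triage(log_text, min_hits=4, jitter=2.0):
    """Map each client that reached an IoC to 'beaconing' or 'contacted'."""
    wanted = {refang(h) for h in IOCS}
    seen = defaultdict(list)
    for ts, client, dest in parse(log_text):
        if dest in wanted:
            seen[client].append(ts)
    verdicts = {}
    for client, stamps in seen.items():
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        # A steady ~10 s cadence points to a running backdoor, not one page load.
        regular = (len(stamps) >= min_hits
                   and abs(mean(gaps) - BEACON_SECONDS) <= jitter
                   and pstdev(gaps) <= jitter)
        verdicts[client] = "beaconing" if regular else "contacted"
    return verdicts
```

Hosts reported as "beaconing" warrant endpoint investigation, while "contacted" hosts may only have loaded the injected script in a browser.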

Despite the malware being a “basic backdoor,” there is a lot of potential for bad actors to use it for very bad purposes, including stealing credentials or stealing data for extortion, the publication noted.

MalwareHunterTeam criticized eFile.com for not addressing the attack for several weeks. It has since been resolved; however, the extent of its impact remains unknown.

Fionna Agomuoh