Skip to main content
  1. Home
  2. Computing
  3. News

Hackers wiped out this popular tax prep software as filing deadline looms

Fionna Agomuoh
By

The IRS-authorized tax preparation software service eFile.com recently suffered a JavaScript malware attack in the middle of tax season, according to BleepingComputer.

The nefarious JavaScript file has been identified as popper.js and has been observed by eFile.com users as well as by security researchers. The malware is believed to have surfaced on the service around mid-March and has interacted with “almost every page of eFile.com, at least up until April 1st,” the publication added.

SSL error shown by eFile.com (u/SaltyPotter on Reddit).

Encountering this infected JavaScript on eFile.com would likely result in seeing a broken link, which is returned by infoamanewonliag[.]online. Users of the service began discussing the possibility of an attack on Reddit on March 17, noting that an SSL error message they were receiving appeared to be fake.

Recommended Videos

Researchers confirmed that the errors were indicative of a malware attack, also connecting them to the JavaScript malware file update.js. This file acted in the malware as the cue to make users download the file, and can ultimately vary depending on the browser being used, such as [update.exe – VirusTotal] for Chrome or [installer.exe – VirusTotal] for Firefox.

Having conducted its own research on the malware, BleepingComputer learned that the bad actors orchestrating the malware did so from a Tokyo-based IP address, 47.245.6.91 that was likely hosted with Alibaba. The publication also connected the IP address to the infoamanewonliag[.]online domain, which is also associated with the attacks.

BleepingComputer was able to study a sample of the malware script that was uncovered by the Security research group, MalwareHunterTeam, which was written in PHP. The publication determined that the script is a “backdoor malware” that lets hackers control infected devices remotely. Once infected, the PHP script runs in the background, allowing the malware to connect to a device from a control server every ten seconds to perform whatever nefarious actions the bad actor wants.

Despite the malware being a “basic backdoor,” there is a lot of potential for bad actors to use it for very bad purposes including stealing credentials, or stealing data for extortion, the publication noted.

MalwareHunterTeam criticized eFile.com for not addressing the attack for several weeks. It has since been resolved; however, the extent of its impact remains unknown.

Editors' Recommendations

Topics
Fionna Agomuoh
Fionna Agomuoh
Computing Writer
Fionna Agomuoh is a technology journalist with over a decade of experience writing about various consumer electronics topics…
How to apply and clean off thermal paste
Thermal paste application on CPU.

If you're building a computer, you need thermal paste, or heat paste, to ensure that your computer's processor doesn't overheat. It's a gloopy, silvery material that you squirt between the processor and the cooler to fill in all the micro cavities in their surfaces, enabling a more efficient transfer of heat from the processor to the cooler. The best heatpastes work so well they let your processor run harder and faster, at lower temperatures, making your PC quieter in turn.

You need to replace the thermal interface material every few years, too, so if you haven't opened up your PC in a while, it might be time to give it a spring clean.

Read more
Built for business, this HP laptop with 64GB of RAM is $2,050 off
Someone using the HP Zbook Studio.

Despite Covid increasingly becoming more "distant memory" than "constant fear," a large amount of Americans are still working from home. The result? Maybe it's time for going to work to officially become a "distant memory" and not a "constant fear" as well. One of the best ways to celebrate this realization could be by buying one of the best business laptops, and your new coffeeshop companion, while it is heavily on sale. It's the HP ZBook Firefly, which is usually $4,549, for $2,050 off. That makes it's final price $2,499. Check it out via the button below.

Why you should buy an HP ZBook Firefly
The HP ZBook Firefly is a business-optimized laptop with excellent memory and storage to support both advanced editing software and local storage of sensitive documents. In fact, the 1 TB of local storage is on a PCie drive, which runs faster than both HDD and SSD drives. It runs on a 13th Gen Intel Core i7 processor with a Windows 11 Pro operating system. The 14-inch screen is in a 16:10 aspect ratio. While we've seen this aspect ratio before, it is still at least somewhat unusual. The reasoning behind it? It shows 11% more vertical content than 16:9 displays, increasing scroll efficiency.

Read more
This ultra-durable 2TB external SSD is $115 off until tomorrow
SanDisk Extreme Portable SSD sitting next to keys.

In this day and age, everyone has some files, photos, or videos that they want to keep safe. You can do so with the SanDisk Extreme, an ultra-durable external SSD that's currently on sale from Best Buy. The 2TB model will be yours for just $110, which is less than half its original price of $225 following a $115 discount. You're going to have to hurry with your purchase though -- the offer will last until the end of the day, but we're not sure if stocks will still be available by then.

Why you should buy the SanDisk Extreme external SSD
In our SSD versus HDD comparison, the advantages of SSDs include faster speeds and improved durability. You'll enjoy both of these benefits with the SanDisk Extreme external SSD. It offers a read speed of up to 1,050 MB/s and a write speed of up to 1,000 MB/s, which may be slower than the 2,000 MB/s speed of the SanDisk Extreme Pro that appears in our list of the best external hard drives, but still quick nonetheless.

Read more