Hackers Strike Popular Tax Prep Software as Filing Deadline Looms: eFile.com Malware Attack.
Many Americans are trying to file their taxes before the deadline. However, recent news has come to light regarding a malware attack on the IRS-authorized tax preparation software service eFile.com. This article will cover the attack’s specifics, its results, and what they mean for taxpayers.
What Happened?
According to BleepingComputer, eFile.com was targeted by hackers using a JavaScript malware file known as popper.js. The malware was present on the service from mid-March and interacted with almost every page on eFile.com up until April 1st. Users who encountered the infected JavaScript would see a broken link, which was returned by the website infoamanewonliag[.]online.
The attack was first noticed by users on Reddit on March 17th, who noted an SSL error message that appeared to be fake. Security researchers later confirmed that this error was indicative of a malware attack and connected it to the JavaScript malware file update.js, which acted as a cue to make users download the malware file.
Who is Responsible?
BleepingComputer conducted its own research on the malware and determined that it was orchestrated by bad actors using a Tokyo-based IP address, 47.245.6.91. This IP address was likely hosted with Alibaba and was also associated with the website infoamanewonliag[.]online.
The malware was written in PHP and is considered to be a backdoor malware that lets hackers control infected devices remotely. Once infected, the PHP script runs in the background, allowing the malware to connect to a device from a control server every ten seconds to perform whatever actions the bad actor desires.
What is the Impact?
The extent of the malware’s impact on eFile.com remains unknown. However, BleepingComputer noted that the malware was a “basic backdoor” with the potential for bad actors to use it for nefarious purposes such as stealing credentials or data for extortion.
MalwareHunterTeam criticized eFile.com for failing to respond to the attack for a couple of weeks. But the problem has now been fixed.
How Can Taxpayers Protect Themselves?
While it is unclear how many eFile.com users were impacted by malware attack. Taxpayers can take steps to protect themselves against this type of attacks.
Make sure your anti-virus software is up to date and regular device scans. Additionally, be wary of suspicious emails or links, as they may contain malware. Finally, use unique passwords for each online account and enable two-factor authentication whenever possible.
Recent malware attack on eFile.com highlights the importance of remaining vigilant when it comes to online security. As taxpayers increasingly turn to online tax preparation services, it is crucial services for prioritize security of their users’ sensitive information. Taxpayers may reduce their risk of becoming a victim of similar attacks by taking preventative steps to protect themselves.