Watch out! Tax-filing platform eFile.com got caught red-handed spreading malware to unsuspecting users, according to cybersecurity investigators (h/t Bleeping Computer).
Adding salt to injury, eFile.com is touted as a free, IRS-approved tax-filing service provider, giving users a false sense of security. As it turns out, researchers discovered that eFile.com hosted a malicious JavaScript file on its website for weeks.
eFile.com in hot water for malware fiasco
Authenticating the researchers' findings, Bleeping Computer said that it, too, spotted the aforementioned malicious JavaScript file across eFile.com's webpages. The ill-intentioned file in question is called "popper.js."
What did it do? Well, according to PCWorld, it loaded a legitimate-looking faux error page instructing users to install a browser update. But of course, it's not a real browser update — it's a trojan designed to deliver your PC a gnarly serving of malware (a Windows-based botnet attack, to be specific).
The issue was present on eFile.com since March 17, according to Johannes Ullrich, a security researcher from SANS Technology Institute. Ullrich added that only two malware scanners flagged the malware: Crowdstrike Falcon and Cynet.
It's worth noting that eFile.com was reportedly hijacked two weeks ago, according to security research group MalwareHunterTeam (MHT). But that's no excuse; MHT is still putting its foot on eFile.com's neck for not sweeping out the mess.
"So, the website of (efile[.]com), 'is an IRS authorized e-file provider' got compromised at least around middle of March & still not cleaned," MalwareHunterTeam tweeted on April 3.
As of this writing, eFile.com has not released a statement about the malware findings discovered on its website. The moral of the story? Stick to TurboTax and H&R Block.