IRS-authorized tax service eFile.com appears to have been hijacked and used to distribute malware, researchers have found. 

The website hosts an e-file software solution, authorized by the Internal Revenue Service (IRS), that offers tax return filing services.

As reported by multiple security teams as well as customers, a threat actor managed to compromise the website in mid-March 2023, injecting a malicious JavaScript file called “popper.js”. This file was present on practically all of the pages of the site, and it tried to get visitors to download a second-stage payload.

Full control

The payload is a Windows botnet written in PHP. There are different versions, depending on whether the visitor is using Chrome or Firefox. Most antivirus programs now flag the botnet as a trojan, and the website stopped serving the payloads as of April 1. Its key functionality is giving the attackers full access to the target endpoint, which they can later use for further attacks, as well as for lateral movement across the target network. Further attacks could see them deploy malware, infostealers, or even ransomware.

While the researchers have not yet determined exactly who was behind the attack, they found that the two versions try to establish a connection to an IP address based in Tokyo, apparently hosted with Alibaba. The same IP address was also found hosting a different illicit domain.

It’s difficult to assess how many people got compromised as a result of this campaign. The full scope of the incident remains to be seen.

The news is particularly concerning as it is currently tax filing season in the United States, where consumers and businesses have until April 18 to file their tax returns. It is an event that cybercriminals often use as a starting point for their activities. Sometimes, they’d assume other people’s identities and file taxes on their behalf, in order to steal the money. In other scenarios, they’d impersonate the IRS and try to send out malware via email.

Via: BleepingComputer
