Free tax filing software caught spreading malware — have you been using it?
To make matters worse, it's IRS-approved
Watch out! Tax-filing platform eFile.com got caught red-handed spreading malware to unsuspecting users, according to cybersecurity investigators (h/t Bleeping Computer).
Adding salt to injury, eFile.com is touted as a free, IRS-approved tax-filing service provider, giving users a false sense of security. As it turns out, researchers discovered that eFile.com hosted a malicious JavaScript file on its website for weeks.
eFile.com in hot water for malware fiasco
Authenticating the researchers' findings, Bleeping Computer said that it, too, spotted the aforementioned malicious JavaScript file across eFile.com's webpages. The ill-intentioned file in question is called "popper.js."
What did it do? Well, according to PCWorld, it loaded a legitimate-looking faux error page instructing users to install a browser update. But of course, it's not a real browser update — it's a trojan designed to deliver your PC a gnarly serving of malware (a Windows-based botnet attack, to be specific).
The issue was present on eFile.com since March 17, according to Johannes Ullrich, a security researcher from SANS Technology Institute. Ullrich added that only two malware scanners flagged the malware: Crowdstrike Falcon and Cynet.
It's worth noting that eFile.com was reportedly hijacked two weeks ago, according to security research group MalwareHunterTeam (MHT). But that's no excuse; MHT is still putting its foot on eFile.com's neck for not sweeping out the mess.
"So, the website of (efile[.]com), 'is an IRS authorized e-file provider' got compromised at least around middle of March & still not cleaned," MalwareHunterTeam tweeted on April 3.
Not every deal is worth a squeal. Get only the good stuff from us.
The deal scientists at Laptop Mag won't direct you to measly discounts. We ensure you'll only get the laptop and tech sales that are worth shouting about -- delivered directly to your inbox this holiday season.
As of this writing, eFile.com has not released a statement about the malware findings discovered on its website. The moral of the story? Stick to TurboTax and H&R Block.
Kimberly Gedeon, holding a Master's degree in International Journalism, launched her career as a journalist for MadameNoire's business beat in 2013. She loved translating stuffy stories about the economy, personal finance and investing into digestible, easy-to-understand, entertaining stories for young women of color. During her time on the business beat, she discovered her passion for tech as she dove into articles about tech entrepreneurship, the Consumer Electronics Show (CES) and the latest tablets. After eight years of freelancing, dabbling in a myriad of beats, she's finally found a home at Laptop Mag that accepts her as the crypto-addicted, virtual reality-loving, investing-focused, tech-fascinated nerd she is. Woot!