An IRS-approved software service for filing taxes electronically, eFile.com, was found to be delivering JavaScript malware just at the height of tax-return season.

eFile.com, which was used as a conduit for filing more than 66 million tax returns in 2022, was flagged by users and researchers alike. The malicious file existed on the website for weeks — named "popper.js," it was being loaded by nearly every page on the website.

Suspicions of a "hijacking" of the website first began on March 17 when a Reddit thread raised awareness of the site redirecting users to a fake "Network Error" page. Ultimately, these Reddit users were correct in their suspicions, as researchers found another file named "update.js" that had a fake SSL error message, prompting "users to download next stage payload."

The incident serves as a warning regarding the safety of tax filing services and their cybersecurity due to the highly sensitive information it involves, as well as the fact that the website was compromised for an extended period of time without being resolved.

"Tax filing services and their customers are prime targets for cybercriminals in the peak of their busiest season of the year," said Zane Bond, head of product at Keeper Security, a Chicago-based provider of zero-trust and zero-knowledge cybersecurity software, in an emailed statement. "What should you do when you're up against the deadline to get your taxes filed? Remain cautious and don't make rushed clicks. If you are concerned about the security of any tax filing software you're using, consider using a certified professional or the federal government's e-file site to file your taxes."