eFile Tax Return Software Found Serving Up Malware

At the height of tax-return season, a popular tax prep software service leaves a malicious JavaScript file online for weeks.

Dark Reading Staff, Dark Reading

April 4, 2023


An IRS-approved software service for filing taxes electronically, eFile.com, was found to be delivering JavaScript malware at the height of tax-return season.

eFile.com, which was used as a conduit for filing more than 66 million tax returns in 2022, was flagged by users and researchers alike. The malicious file, named "popper.js," remained on the website for weeks and was being loaded by nearly every page on the site.

Suspicions of a "hijacking" of the website began on March 17, when a Reddit thread raised awareness that the site was redirecting users to a fake "Network Error" page. Ultimately, these Reddit users were correct in their suspicions: researchers found another file, named "update.js," that contained a fake SSL error message, prompting "users to download next stage payload."

The incident serves as a warning about the security of tax filing services, both because of the highly sensitive information they handle and because the website remained compromised for an extended period of time without the problem being resolved.

"Tax filing services and their customers are prime targets for cybercriminals in the peak of their busiest season of the year," said Zane Bond, head of product at Keeper Security, a Chicago-based provider of zero-trust and zero-knowledge cybersecurity software, in an emailed statement. "What should you do when you're up against the deadline to get your taxes filed? Remain cautious and don't make rushed clicks. If you are concerned about the security of any tax filing software you're using, consider using a certified professional or the federal government's e-file site to file your taxes."
