eFile tax website served malware to visitors for weeks

本文共有2841个字。 # / a

eFile.com was serving malware

 

 

AppleInsider may earn an affiliate commission on purchases made through links on our site.

Just in time for tax season, the IRS-authorized eFile website prompted users to install a Windows botnet trojan through April 1.

Windows users that used eFile.com may have been exposed to a malicious JavaScript file prompting users to install a second-stage payload. While users would have needed to interact with this and install the .exe file, it is still recommended to run a virus scan.

According to a report from Bleeping Computer, Reddit users pointed out that the malware had been served since at least mid-march. It has been independently verified that eFile is no longer serving the malware as of April 4.

This affected the eFile website directly. Users that interacted with the service on a Windows PC will need to ensure their system is secure. Neither macOS nor iOS were not affected, but we're discussing the issue to bring awareness, given that the IRS has yet to make a formal statement about the issue, and millions of Americans could be affected.

A JavaScript file called popper.js was being loaded by nearly every page of eFile.com until at least April, the report confirmed. An additional file named update.js associated with the attack would prompt users to download the next stage of the payload, a Windows executable that changed based on which browser was in use — Chrome or Firefox.

This malicious software was being served from a Tokyo-based IP address hosted with Alibaba. If installed, the trojan would act as a simple backdoor and turn the Windows machine into a botnet member.

The malware would connect to a remote command and control center every ten seconds to receive a task. And despite being a simple backdoor, it had full access to a device.

Antivirus products have reportedly already started flagging the executables as trojans. Again, we urge any Windows user that visited eFile.com in recent weeks to run a scan of their device.

版权声明:本文来源自网络,经修正后供个人鉴赏、娱乐,如若侵犯了您的版权,请及时联系我们进行删除!

添加新评论

暂无评论