IRS-Authorized eFile.com Tax Return Software Caught Serving JS Malware (bleepingcomputer.com)
eFile.com, an IRS-authorized e-file software service provider used by many for filing their tax returns, has been caught serving JavaScript malware. BleepingComputer reports: eFile.com was caught serving malware, as spotted by multiple users and researchers. The malicious JavaScript file in question is called 'popper.js'. The development comes at a crucial time when U.S. taxpayers are wrapping up their IRS tax returns before the April 18th due date. BleepingComputer can confirm that the malicious JavaScript file 'popper.js' was being loaded by almost every page of eFile.com, at least up until April 1st. As of today, the file is no longer seen serving the malicious code.
On March 17th, a Reddit thread surfaced where multiple eFile.com users suspected the website was "hijacked." At the time, the website showed an SSL error message that, some suspected, was fake and indicative of a hack. Turns out that's indeed the case. [...] The malicious JavaScript file 'update.js' further attempts to prompt users to download a next-stage payload, depending on whether they are using Chrome [update.exe - VirusTotal] or Firefox [installer.exe - VirusTotal]. Antivirus products have already started flagging these executables as trojans.
BleepingComputer has independently confirmed these binaries establish a connection to a Tokyo-based IP address, 47.245.6.91, that appears to be hosted with Alibaba. The same IP also hosts the illicit domain, infoamanewonliag[.]online, associated with this incident. Security research group MalwareHunterTeam further analyzed these binaries and stated that they contain Windows botnets written in PHP -- a fact that the research group mocked. Additionally, the group called out eFile.com for leaving the malicious code on its website for weeks: "So, the website of [efile.com]... got compromised at least around middle of March & still not cleaned," writes MalwareHunterTeam.
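The incident above hinged on one extra script include ('popper.js') being present on almost every page for weeks. The following is an added example, not code from eFile.com, BleepingComputer or Slashdot, of the kind of check a site owner can run against their own served HTML: every `<script src>` is compared with an allowlist of expected includes, and any cross-origin include that is allowed but lacks a Subresource Integrity hash is also reported. The sample page, the allowlist, the hostname `www.example.test` and the `sha384-...` value are all constructed for the example. Note that 'popper.js' is also the name of a widely used legitimate library, so a check on file names alone would not help; the allowlist is keyed on the exact path the page is expected to load.

```python
"""Audit <script> includes in served HTML against an allowlist.

Added example (not eFile.com's or BleepingComputer's code). Assumes the
site owner maintains, per page, the set of script URLs it should load.
"""
from html.parser import HTMLParser
from urllib.parse import urlparse


class ScriptCollector(HTMLParser):
    """Collect the src and integrity attributes of every <script> tag."""

    def __init__(self):
        super().__init__()
        self.scripts = []  # list of (src, integrity-or-None)

    def handle_starttag(self, tag, attrs):
        if tag.lower() != "script":
            return
        attributes = dict(attrs)
        if attributes.get("src"):
            self.scripts.append((attributes["src"], attributes.get("integrity")))


def audit_scripts(html, allowed, site_host):
    """Return findings as (kind, src) tuples, in page order.

    kind is 'unexpected-script' for an include not on the allowlist, or
    'missing-sri' for an allowed cross-origin include without an
    integrity attribute. Same-origin includes (relative src, or the
    site's own host) are not required to carry SRI.
    """
    parser = ScriptCollector()
    parser.feed(html)
    findings = []
    for src, integrity in parser.scripts:
        host = urlparse(src).netloc  # empty for relative paths
        cross_origin = bool(host) and host != site_host
        if src not in allowed:
            findings.append(("unexpected-script", src))
        elif cross_origin and not integrity:
            findings.append(("missing-sri", src))
    return findings


# Constructed sample page: two legitimate includes, one injected include
# named after a common library, and one allowed CDN include without SRI.
SAMPLE_PAGE = """<html><head>
<script src="/js/app.js"></script>
<script src="https://cdn.example/lib.js" integrity="sha384-AAAA"></script>
<script src="/js/popper.js"></script>
<script src="https://cdn.example/extra.js"></script>
</head><body></body></html>"""

# Constructed allowlist: what this page is supposed to load.
ALLOWED = {"/js/app.js", "https://cdn.example/lib.js", "https://cdn.example/extra.js"}


def audit_sample():
    """Run the audit over the constructed page (used by the test)."""
    return audit_scripts(SAMPLE_PAGE, ALLOWED, "www.example.test")


if __name__ == "__main__":
    for kind, src in audit_sample():
        print(f"{kind}: {src}")
```

Run periodically against the live HTML of each page (fetched as a visitor would see it) and alert on any finding; the article's timeline, with the injected script present from mid-March to April 1st, is the kind of window such a check is meant to shrink.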
Re:"Tell me this isn't a government operation" (Score:4, Informative)
"eFile.com, an IRS-authorized e-file software service provider" It's not a government site, it's an independent site that was authorized by the IRS.
Re: (Score:2)
Look out we have a real edge lord in here!
Re: (Score:3)
your only choice
You can also fill out the forms by hand and file using US Mail.
Re: "Tell me this isn't a government operation" (Score:2)
But you *can't* settle your taxes in pennies!
Re: (Score:2)
You can't pay your taxes owed with any kind of cash, actually. You have to use their "retail partner". Money orders, debit or credit cards, EFTs and of course checks are OK.
You can't send them a single check for $100 million dollars or more. You have to spread it between multiple checks. I sure hope I can put them all in the same envelope. Because I'm drawing the line at using more than one 63 cent stamp. What do they think I am? Made out of money?
Re: (Score:2)
Re: (Score:2)
Re: (Score:3)
What business or corporation doesn’t operate on that same principle?
Re: "Tell me this isn't a government operation" (Score:2)
The difference is that in order to bid on government work, you must be blessed by the government to follow government-mandated business practices and usually to specifically follow the Federal Acquisition Rules in your own subcontracts.
This creates a compliance barrier that has the effect of creating a closed ecosystem of companies who derive most or all of their revenue from a single client and a limited pool to choose from for the government.
So if I'm a regular top hat wearing capitalist chomping on my ci
Re: (Score:2)
Frankly I find that if I think through what I re
Re:"Tell me this isn't a government operation" (Score:5, Insightful)
The United States Post Office was one of the most capable and efficient organizations in the world. Its successor, the semi-privatized USPS, not quite so much, although it did continue the fundamental work in machine vision and sortation that became the foundation for modern parcel delivery and eventually e-commerce. But it employed too many of the wrong kind of people (wink/nudge/CLANG) and of course they were comm-u-NISTS, I mean union members, so it had to be destroyed by a certain element of our society. Step 1: publicity campaign to convince 34% of the population that a highly efficient service on which their community depended (and still depends) was neither.
Re: (Score:2)
Send a letter with one of the other "solutions" and then tell me they are better than the Post Office.
Re: (Score:2)
Frankly, after having lived in Great Britain, I can honestly say that our USPS in the USA is about 75% cheaper than the Brits' and just as good as theirs.
Re: (Score:2)
Dead tree plus snail mail is looking better and better. Less than a dollar for postage plus the envelope and nine sheets of paper (two less than last year, yay me!)
Re: (Score:2)
I printed my return, just to review it.
The stack of paper is 1/2 inch high -- although that is the combination of Federal and State returns.
Not everyone has a simple tax return.
It's Time to Modernize (Score:3, Interesting)
Re: (Score:2)
It reinforces a habit of compliance.
Re: (Score:3)
No argument there, but first you have to get the politicians of both parties to get rid of all the special preferences and extra taxes listed in detail on 1040 Schedules 1, 2 and 3.
Good luck.
Re: (Score:2)
Well, you don't have to use 3rd party applications - you can still do your taxes by yourself if you want to. I know a few masochists who do it.
The thing is, tax software and the like make it so much easier - instead of spending days on figuring out h
malware analysis (Score:5, Informative)
analysis of the malware installed:
https://isc.sans.edu/diary/Ana... [sans.edu]
also the original article showing the infection chain:
https://isc.sans.edu/diary/Sup... [sans.edu]
Any particular reason to mention the IRS (Score:3)
Clickbait: Slashdot editor skipped key sentence. (Score:1)
From the original article: "Note, this security incident specifically concerns eFile.com and not IRS' e-file infrastructure or identical sounding domains."
The IRS Is Malware (Score:1, Troll)
Remove it immediately.
"SSL error message" (Score:5, Interesting)
Were they really cracked or was it from offshoring (Score:2)
Fact is, much of the malware that is being served up on western servers is caused by offshoring or internal employees making some $.
As to the offshoring producing cracked systems, not surprised. Western companies will pay ppl in India 1/10 of what westerners are paid, but then India's closest ally comes along and offers the same employee 10-20x for them to simply leave a backdoor. With 1 little action, that offshore worker is