IRS-authorized eFile.com tax return software caught serving JS malware

[LASER_oneXM]

Content source

https://www.bleepingcomputer.com/news/security/irs-authorized-efilecom-tax-return-software-caught-serving-js-malware/

eFile.com, an IRS-authorized e-file software service provider used by many for filing their tax returns, has been caught serving JavaScript malware.
Security researchers state the malicious JavaScript file existed on eFile.com website for weeks. BleepingComputer has been able to confirm the existence of the malicious JavaScript file in question, at the time.

Note, this security incident specifically concerns eFile.com and not identical sounding domains or IRS' e-file infrastructure.

Just in time for tax season​

eFile.com was caught serving malware, as spotted by multiple users and researchers. The malicious JavaScript file in question is called 'popper.js': .... ....

Website 'hijacked' over 2 weeks ago​

On March 17th, a Reddit thread surfaced where multiple eFile.com users suspected the website was "hijacked."
At the time, the website showed an SSL error message that, some suspected, was fake and indicative of a hack: .... ....