It’s tax season in the United States. Normally the most worrisome part of paying taxes is figuring out who counts as a dependant or whether or not you’re technically a contractor. But a recent issue with the free filing service eFile.com, authorized and tacitly endorsed by the IRS, has added a whole new layer of stress to filing your taxes. Security researchers found a malicious JavaScript file spreading malware on the site itself.

The best windows antivirus

Norton 360 Deluxe

Read our reviewPrice When Reviewed:$49.99 for the first yearBest Prices Today:$19.99 at PCWorld Software Store | $49.99 at Norton

According to a report by BleepingComputer, several Reddit posters saw odd but familiar behavior when they went to eFile.com (which is a separate, for-profit tax company, despite the identical name to IRS eFile). If you’ve been on the web long enough, you’ve seen something similar: The JavaScript file shows a dummy error page and instructs users to download a browser update, which in fact is a load of malware, specifically a Windows-based botnet program. The downloads are successfully spotted and neutralized by at least some antivirus programs, driving home the need to keep your PC protected.

BleepingComputer, MalwareHunterTeam, and other security researchers have confirmed that at least some pages on eFile.com were compromised with the JavaScript loader. The issue was present on eFile.com as far back as March 17th of this year, and as of the time of writing, does not appear to be fixed. Despite being alerted by multiple parties, eFile does not seem to have made a statement on the subject.

Author: Michael Crider, Staff Writer

Michael is a former graphic designer who’s been building and tweaking desktop computers for longer than he cares to admit. His interests include folk music, football, science fiction, and salsa verde, in no particular order.

Recent stories by Michael Crider:

Update now! Chome plugs its fifth emergency zero-day exploit of 2024Ring of bogus web shops steals 850K credit card numbersIf you get a phone call from LastPass, it’s a scam