1. Forum
  2. tqwNet
  3. TQW_GENTECH

  • IRS-authorized tax service eFile was found sending out malware

    From TechnologyDaily@1337:1/100 to All on Wed Apr 5 13:15:04 2023
    IRS-authorized tax service eFile was found sending out malware

    Date:
    Wed, 05 Apr 2023 12:08:26 +0000

    Description:
    eFile Malware would give the attackers full control over the target endpoint.

    FULL STORY ======================================================================

    IRS-authorized tax service eFile.com appears to have been hijacked and used
    to distribute malware , researchers have found.

    The website hosts an e-file software solution, authorized by the Internal Revenue Service (IRS), that offers tax returns filing services .

    As reported by multiple security teams as well as customers, a threat actor managed to compromise the website in mid-March 2023, injecting a malicious JavaScript file called popper.js. This file was present on practically all of the pages of the site, and it tried to get visitors to download a
    second-stage payload. Full control

    The payload is a Windows botnet written in PHP. There are different versions, depending if the visitors are using Chrome, or Firefox. Most antivirus programs are now flagging the botnet as a trojan, and the website stopped serving them as of April 1. Its key functionality is giving the attackers
    full access to the target endpoint, which they can later use for further attacks, as well as lateral movement across the target network. Further attacks could see them deploy malware, infostealers, or even ransomware.

    While the researchers did not yet determine exactly who was behind the
    attack, it was found that the two versions try to establish a connection to
    an IP address based in Tokyo, apparently hosted with Alibaba. The same IP address was also found hosting a different illicit domain. Read more

    Microsoft OneNote is being fixed after surge in malware


    Microsoft OneNote is still being used to flood devices with malware


    Check out the best identity theft protection software right now

    Its difficult to assess how many people got compromised as a result of this campaign. The full scope of the incident remains to be seen.

    The news is particularly concerning as it is currently tax filing season in the United States, where consumers and businesses have until April 18 to file their tax returns. It is an event that cybercriminals often use as a starting point for their activities. Sometimes, theyd assume other peoples identities and file taxes on their behalf, in order to steal the money. In other scenarios, theyd impersonate the IRS and try to send out malware via email. Here are the best firewalls today

    Via: BleepingComputer



    ======================================================================
    Link to news story: https://www.techradar.com/news/this-irs-authorized-tax-service-was-found-sendi ng-out-malware


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)