Tax Day for US citizens is approaching fast, and cyber-criminals are exploiting the April 18 deadline to increase their malicious campaigns against users and legit tax-filing services. The eFile.com online platform recently got caught in this tax-related cybercrime resurgence, becoming a (likely) unaware spreader of malicious JavaScript files and malware payloads.
As reported by Bleeping Computer and confirmed by different security researchers, almost every page of the eFile website was serving a malicious JS script named “popper.js” at least until April 1st. The base64-encoded script was designed to load additional JS code from the infoamanewonliag dot online domain, which in turn would prompt users to download the actual malware payload named “update.exe” (for Chrome browsers) or “installer.exe”.
