Just in time for tax season, the IRS-authorized eFile website prompted users to install a Windows botnet trojan through April 1.
According to a report from Bleeping Computer, Reddit users pointed out that the malware had been served since at least mid-March. It has been independently verified that eFile is no longer serving the malware as of April 4.
This affected the eFile website directly. Users who interacted with the service on a Windows PC will need to ensure their system is secure. Neither macOS nor iOS was affected, but we're discussing the issue to bring awareness, given that the IRS has yet to make a formal statement about it, and millions of Americans could be affected.
This malicious software was being served from a Tokyo-based IP address hosted with Alibaba. If installed, the trojan would act as a simple backdoor and turn the Windows machine into a botnet member.
The malware would connect to a remote command and control center every ten seconds to receive a task. And despite being a simple backdoor, it had full access to a device.
Antivirus products have reportedly already started flagging the executables as trojans. Again, we urge any Windows user who visited eFile.com in recent weeks to run a scan of their device.
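Beyond an antivirus scan, the ten-second check-in described above is a regularity that defenders can look for in outbound connection logs. The sketch below is an added example, not code from the report or from eFile; the log format, addresses, dates and thresholds are all constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime
from statistics import median

# Constructed flow records: "<ISO timestamp> <source host> <destination>".
# 10.0.0.5 checks in roughly every 10 s; 10.0.0.8 browses irregularly;
# 10.0.0.9 has too few events to judge.
SAMPLE_LOG = """
2000-01-01T12:00:00+00:00 10.0.0.5 203.0.113.10:443
2000-01-01T12:00:03+00:00 10.0.0.8 198.51.100.7:443
2000-01-01T12:00:04+00:00 10.0.0.8 198.51.100.7:443
2000-01-01T12:00:10+00:00 10.0.0.5 203.0.113.10:443
2000-01-01T12:00:20+00:00 10.0.0.5 203.0.113.10:443
2000-01-01T12:00:31+00:00 10.0.0.5 203.0.113.10:443
2000-01-01T12:00:40+00:00 10.0.0.5 203.0.113.10:443
2000-01-01T12:00:47+00:00 10.0.0.8 198.51.100.7:443
2000-01-01T12:00:50+00:00 10.0.0.5 203.0.113.10:443
2000-01-01T12:01:00+00:00 10.0.0.5 203.0.113.10:443
2000-01-01T12:01:10+00:00 10.0.0.5 203.0.113.10:443
2000-01-01T12:03:15+00:00 10.0.0.8 198.51.100.7:443
2000-01-01T12:03:16+00:00 10.0.0.8 198.51.100.7:443
2000-01-01T12:09:40+00:00 10.0.0.8 198.51.100.7:443
2000-01-01T12:10:00+00:00 10.0.0.9 203.0.113.10:443
2000-01-01T12:10:10+00:00 10.0.0.9 203.0.113.10:443
"""

def find_beacons(log_text, interval=10.0, tolerance=2.0,
                 min_events=6, min_ratio=0.8):
    """Return (src, dst, median_gap) for pairs whose connections recur
    at roughly `interval` seconds. Thresholds are assumed starting points."""
    times = defaultdict(list)
    for line in log_text.strip().splitlines():
        ts, src, dst = line.split()
        times[(src, dst)].append(datetime.fromisoformat(ts).timestamp())
    hits = []
    for (src, dst), stamps in sorted(times.items()):
        if len(stamps) < min_events:
            continue  # too little data to call a pattern periodic
        stamps.sort()
        gaps = [b - a for a, b in zip(stamps, stamps[1:])]
        # Count gaps that fall within the tolerance window around the interval.
        regular = sum(abs(g - interval) <= tolerance for g in gaps)
        if regular / len(gaps) >= min_ratio:
            hits.append((src, dst, median(gaps)))
    return hits

if __name__ == "__main__":
    for src, dst, gap in find_beacons(SAMPLE_LOG):
        print(f"{src} -> {dst}: periodic connections, median gap {gap:.0f}s")
```

A hit only means a host is talking to one destination on a fixed timer, which legitimate software such as update checkers also does, so treat matches as leads to investigate alongside the endpoint scan.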