IRS-authorized tax service distributed malware for weeks — see if you're at risk

A man filing his taxes electronically on a laptop
(Image credit: Shutterstock)

Filing your taxes electronically is certainly easier than doing so the old-fashioned way but taxpayers that used the tax preparation service over the last few weeks could have been exposed to malware. is an IRS-authorized e-file service provider that’s used by many in the U.S. to file their tax returns. However, security researchers have discovered that the company’s website had been hosting a malicious JavaScript file for weeks after being hijacked by hackers.

The malicious JavaScript file is called ‘popper.js’ according to BleepingComputer and it was loaded on almost every page of up until at least April 1st of this year. Fortunately, the file is no longer generating fake error messages which were used to distribute malware.

Hijacked website

A hacker typing quickly on a keyboard

(Image credit: Shutterstock)

In a Reddit post from March 17, a number of users voiced their concerns that the company’s website may have been hijacked after an SSL error message began appearing on the site.

The fake error message said that “The site can’t be reached” while warning users that the current version of their browser “uses an unsupported protocol." It also contained a link that customers could use to update their browser.

Instead of an actual browser update which are typically delivered inside the browser itself, this update contains another malicious JavaScript file called ‘update.js’. Users that did download it were then prompted to download the next stage payload as well, which was either update.exe for Google Chrome or installer.exe for Mozilla Firefox.

Security researchers at MalwareHunterTeam analyzed this fake update file and explained in a Twitter post that it was actually “Windows targeting malware” that could be used to power a botnet.

At this time though, the full scope of the incident including how many customers may have been successfully infected with malware is unknown. Likewise, the company has yet to release a statement on the matter. 

However, the LockBit ransomware gang did say that it had hacked back in January which would have given the cybercriminal group more than enough time to prepare and launch an attack on the company’s customers.

How to stay safe when filing your taxes online

If you did use to prepare your tax return between March and April of this year, you may have accidentally installed malware on your Windows PC thinking your browser did require an update. 

If this is the case, you can use the best antivirus software to thoroughly scan your system for any signs of a malware infection. It may also be worth signing up for one of the best identity theft protection services as they can help you regain lost funds in addition to recovering your identity.

Despite this recent attack on, filing your taxes electronically is still the easiest way to do so for most people. However, you want to thoroughly research any tax service you plan on using and even if it costs a bit more, it’s worth going with a well-known provider like one from our list of the best tax software since so many personal and financial details are included when filing your taxes.

We’ll likely hear more about this incident once decides to release a statement, though the company could be forced to issue a data breach notification to affected customers as well.

More from Tom's Guide

Anthony Spadafora
Senior Editor Security and Networking

Anthony Spadafora is the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to password managers and the best way to cover your whole home or business with Wi-Fi. Before joining the team, he wrote for ITProPortal while living in Korea and later for TechRadar Pro after moving back to the US. Based in Houston, Texas, when he’s not writing Anthony can be found tinkering with PCs and game consoles, managing cables and upgrading his smart home.