For at least the last two weeks, the IRS authorized e-filing provider eFile<dot>com's website has been compromised and occasionally offering malware to its customers. The website is serving a modified JavaScript file that includes content from the attacker's website. This content is used to direct the site’s customers to a fake error page which will instruct them to install a browser update that turns out to be a remote access trojan. According to SANS Institute, a cybersecurity research group, the malware is still present on the site as of 4/4/2023.