"Troj/Dumaru-BZ has infected a small number of tax agents' computer systems compromising their Tax Agent Portal user ID and password details. As a precaution we have restricted impacted agents' access to the portal until their systems have been checked," said a warning posted on the ATO's Web site.
According to anti-virus firm Sophos, the Trojan is capable of capturing data in various forms, including information copied on a clipboard and "protected storage area of Windows," as well as cached passwords.
Sophos also warned that the Dumaru "looks" for financial information stored in certain applications, such as E-Gold, WebMoney, Total Commander and Far Manager.
An ATO spokesperson on Thursday told ZDNet Australia that only a "handful" of agents were hit by the Trojan.
"There were only about three agents affected so we are talking about very small numbers. Even though it is only a handful we have an obligation to warn all agents when this sort of thing happens and we take it very seriously," the spokesperson said.
Sophos issued a signature update against Dumaru on 8 March.
