Obamacare-baited Malware Scam Mashes Up iPhones, Video Players

An elaborate social engineering lure using the Affordable Care Act as bait is unfolding, with the end goal of serving up an executable file containing malware.

According to Chris Boyd, a malware intelligence analyst from Malwarebytes, the scam starts with an online survey about healthcare, and eventually ends up at totally unrelated offers of media upgrade bundles – which are of course actually malware.

“With the rapidly approaching deadline for Obamacare on the horizon it’s no surprise that we’re seeing sites working it into their pages and messaging to gain a few more clicks and downloads,” Boyd said in a blog shared with Infosecurity. “[But the result here is] a rather improbable mash-up of healthcare, iPads and video players.”

It all starts with a lure site sporting a YouTube-style logo that asks end users to answer three questions on the ACA.

“You’ve been selected from to take part in our anonymous survey,” it reads. “Complete this 30-second questionnaire, and to say thank you, we’ll provide you with a few exclusive offers* including an iPhone 5, Apple iPad 2 or a Walmart Gift Card.”

The three questions concern the respondent’s opinions on Obamacare, his or her age, and the respondent’s intention to sign up for the plan. Once answered, the end user can click on their choice of “reward,” only to be taken to a different site entirely.

“If the end-user should click on (say) the iPhone 5, what would happen next?” Boyd said. “Well…if you want to be randomly shouted at in German then here comes Christmas.” To wit, the user receives a screen that says “WARNING! You should update your media player immediately!”

That screen offers up a choice of two executable files, “Express (Recommended)” and “Custom (Expert),” along with Nationzoom, which is pre-ticked to make it the browser homepage, default search and new tab, and Storimbo, which has no deselect available.

“As you’ve noticed, we now have very little to do with free iPhones and even less to do with any pretence of Obamacare,” Boyd said. “Well, okay. We didn’t get our iPhone, nor did we end up with anything particularly Obamacare-ish. But we did get a new video player to play with and watch content on, right? Unfortunately no, because the only content I managed to watch on this was an endless stream of errors.”

In all of the options presented, installation results in an error-crash combination. And, the rabbit hole goes further:

“The only thing that did work was the clickable advert in the top right corner, leading to a site which offers unlimited downloads and streaming with payment required depending on account type,” Boyd said.

It’s unlikely that this is an isolated case, too, so consumers should be vigilant. “No doubt as the Obamacare deadline draws ever near, there will be more sites looking to capitalize on that fact and draw end-users into a world of ad clicks, downloads and installers,” Boyd cautioned. “Steer clear of too-good-to-be-true offers and you’ll find you have a PC with a clean bill of health.”
