SMS malware firm ordered to compensate victims

Summary:A Moscow-based firm has been fined £50,000 ($77,500) and ordered to refund victims after an Android-based link subscribed customers to a premium-rate service without consent.

A Moscow-based firm has been fined £50,000 ($77,500) and ordered to refund victims after an Android-based link subscribed customers to a premium-rate service without consent.

The UK premium phone services regulator PhonepayPlus has ordered Connect Ltd -- trading as SMSBill -- to refund all customers who have been affected, whether or not they have claimed compensation.

The firm is behind a malicious Facebook link which, once clicked, downloaded malware on to Android-based smartphones. Masquerading as an app which provided access to games, an SMS message was then sent from the phone, automatically subscribing the owner to the service.

The sent message generated an auto-reply text, which then cost the owner £10 ($15). On page 6 of the app's terms and conditions, a price of "about £5" was specified. 

The UK watchdog has ordered that customers will be credited on their next mobile phone bill and refunds must be offered within three months. If the number is no longer in use, then the refund will go to charity. Connect is estimated to have gained fraudulent profits of £250,000 ($397,000) through the scheme.

Senior technology consultant at Sophos Graham Cluley said:

"The sending of expensive SMS messages is one of the most common ways in which smartphone malware attempts to earn revenue from its victims. People are rarely vigilant about reading terms and conditions, which might give a clue to the kind of service they're signing up to."

The malware was discovered in February by SophosLabs researcher Vanja Svajcer, who also made a video documenting the passage of the malware from the Internet to becoming installed on his Android smartphone. It has now been detected as Andr/Opfake-C.

Connect has now been formally reprimanded and can only operate under the premium phone services regulator's supervision. The company has the option to appeal.

Topics: Security

About

Charlie Osborne, a medical anthropologist who studied at the University of Kent, UK, is a journalist, freelance photographer and former teacher. She has spent years travelling and working across Europe and the Middle East as a teacher, and has been involved in the running of businesses ranging from media and events to B2B sales. Charli... Full Bio

zdnet_core.socialButton.googleLabel Contact Disclosure

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

The best of ZDNet, delivered

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.