SMS malware firm ordered to compensate victims

A Moscow-based firm has been fined £50,000 ($77,500) and ordered to refund victims after an Android-based link subscribed customers to a premium-rate service without consent.

The UK premium phone services regulator PhonepayPlus has ordered Connect Ltd -- trading as SMSBill -- to refund all customers who have been affected, whether or not they have claimed compensation.

The firm is behind a malicious Facebook link which, once clicked, downloaded malware on to Android-based smartphones. The malware masqueraded as an app which provided access to games; an SMS message was then sent from the phone, automatically subscribing the owner to the service.

The sent message generated an auto-reply text, which then cost the owner £10 ($15). On page 6 of the app's terms and conditions, a price of "about £5" was specified. 

The UK watchdog has ordered that customers will be credited on their next mobile phone bill and refunds must be offered within three months. If the number is no longer in use, then the refund will go to charity. Connect is estimated to have gained fraudulent profits of £250,000 ($397,000) through the scheme.

Senior technology consultant at Sophos Graham Cluley said:

"The sending of expensive SMS messages is one of the most common ways in which smartphone malware attempts to earn revenue from its victims. People are rarely vigilant about reading terms and conditions, which might give a clue to the kind of service they're signing up to."

The malware was discovered in February by SophosLabs researcher Vanja Svajcer, who also made a video documenting the passage of the malware from the Internet to becoming installed on his Android smartphone. It has now been detected as Andr/Opfake-C.

Connect has now been formally reprimanded and can only operate under the premium phone services regulator's supervision. The company has the option to appeal.

  • just an updated version of an old scam

    "back in the day" they used to spike in a piece of malware on your system that would dial your modem into a pay-per-call scam and do it over and over again. The scammers got the phone company to bill you (usually hundreds of dollars) and if you didn't pay you lost your phone service and the phone company sued you. It was another reason to kill the landline business.
  • Not sure if the wireless phone business is any better?

    "...another reason to kill the landline business" yes, but are today's mobile companies any better? Do we really want them as a toll booth between us and our data, as would be the case if we adopted the Cloud, SaaS, etc.? Do we really need them to feed off the updates we are obliged to swallow, to fix broken software products at our expense?

    It may be interesting to look at cross-shareholdings between software and comms vendors.
  • Move Along Folks, Nothing new to See Here

    Same old Android malware stories, until Google learns that open software doesn't have to involve an open android market, we'll just keep reading the same old stories of humans getting tempted and taking advantage of this Android weakness.