PhonepayPlus, the organization that regulates all premium rate phone services in the UK, has ordered a Russian company – Connect Ltd – to pay a fine and refund users after researchers highlighted the fact that an application it owned was attempting to trick Android users into signing up to expensive mobile services.
Developers create malicious applications that sign up users to shady mobile services and send SMS to premium rate numbers. When security firms find the malware, they place it on a blacklist and warn users about it, thus preventing the crooks from stealing more money. Then it starts all over again with the release of a new malware.
However, this may not always be the case and there may be some good news for those who have fallen victim to such crimes, Graham Cluley of Sophos reports
Back in February, we learned
of an application that tricked Facebook users into installing a malicious application on their Android phones. Once it found itself on a phone, the malware sent out an SMS message and subscribed the unwitting individual to a premium service.
After confirming that the application in question presented a suspicious behavior and after determining that the victims might have paid as much as £250,000 ($395,950 or €314,000) for the shady services, PhonepayPlus decided to fine the company.
In case the company doesn’t comply and pay the £50,000 ($79,000 or €63,000) fine and refund all the victims (whether they filed a complaint or not), the agency has the ability to “bring a breach of sanction case” in which a court could impose even tougher penalties.
Besides the considerable fine, in the next couple of years, Connect Ltd will also have to ask PhonepayPlus for permission to offer premium rate services to UK citizens.