A firm in Moscow has just been ordered to pay up £50,000 as a fine after a malware that it had developed ended up subscribing users to a premium-rate service without their consent. The amount includes damages and refunds to the customers who were charged after the malware infected their Android smartphones. PhonepayPlus, the regulatorr for premium services in the UK has delivered the verdict against Connect Ltd which works as SMSBill to refund the money that customers were charged because of the malware irrespective of whether they claimed refunds.
The malware worked through facebook, the popular social networking site. It would generate a link that appeared to promote games and the like and when users clicked it, it would pose as an application and send an SMS to subscribe for services. This operated on smartphones running the Android platform that is now the most popular one in the world. The message would lead to an automatic subscription and in return, a confirmation SMS would be delivered stating that the customer was charged £10. When the application’s terms and conditions were scrutinized, it was written in fine print, after 6 pages of rules that the customer would be charged “around £5”.
The regulator in the UK has ordered the company to refund the money to customers by crediting it to their phone bills over the next few months. The company is expected to settle all transactions within a period of three months. Connect Ltd allegedly made profits amounting to £250,000 through this scheme. If the number that subscribed to the service is no longer active, the watchdog decided that the refunds will be made to a charity. Generating revenues through unsolicited messages from subscribers is one of the most common ways a malware works. Moreover, by including terms and conditions, the malware usually has a legitimate defense as people rarely read them in detail before authorizing subscriptions.
The malware was first discovered back in February and its route from the internet to the smartphone’s file system was documented in detail. Connect Ltd is now under the scanner and can operate premium phone services only under the supervision of the regulatory body. Malware operating in this manner is quite common since the days of the Symbian OS where infected phones would constantly send SMS and MMS to all contacts in the list.
