14 DAY TRIAL // Three companies in the UK providing premium rate services (PRS), used malicious Android apps to charge users without their knowledge, some of the victims accumulating phone bills of hundreds of pounds in short period of times.
The malware would generally be downloaded from websites with adult content, but they would also reach the victim via SMS phishing.
Subscription was done by tapping anywhere on the screen
None of the text messages that would usually inform the client of the pricey charges were displayed on the device, evidence of the fraud being reflected only in the bills received by the victim; the extra charges were between £1.50 ($2.36 / €1.9) and £4.50 ($7 / €5.68) per week.
Premium rate service regulator PhonepayPlus started an investigation after receiving reports about the fraudulent activity from Kaspersky Lab.
The malicious apps were downloaded automatically after visiting certain adult websites and the subscription would be initiated by tapping anywhere on the screen, following the installation of the app.
According to PhonepayPlus, software named “Fun Sexy Girls” and “Glam Pleasures” sported this type of malicious behavior. However, these were not the only apps laden with malware.
The companies were identified as Circle Marketing Ltd (fined £130,000 / $204,000 / €164,000), Cloudspace Limited (fined £80,000 / $125,000 / €101,000), and Syncronized Ltd (fined £120,000 / $188,000 / €151,000).
Out of the three, the first two used marketing lists to send potential victims links to the apps via WAP. This service was also used to deliver adult-themed texts.
One fraud campaign started at the end of 2012
“This mobile malware downloaded without mobile owners’ consent and hid the charges. It was found thanks to the work of PhonepayPlus’ research team and Kaspersky Lab. As a result of our investigation the companies involved have been fined £330,000 and refunds have been ordered for consumers,” said Joanne Prowse, Acting Chief Executive of PhonepayPlus.
According to the reports received by the PRS watchdog, one individual incurred a £231 / $363 / €291 charge, while another recorded increased bills for the device of their daughter over the period of three months.
The three companies worked independently, Circle Marketing Ltd carrying out the operation for years, between December 2012 and October 1, 2014. In this case, PhonepayPlus received a total of 68 complaints.
Syncronized Ltd appears to have started this type of fraud on May 18, 2013, and stopped on August 12, 2014; 125 complaints were registered.
Cloudspace Limited’s fraud was the shortest lived, as it began on March 20 this year and ended on August 12; the number of customers complaining about the unwanted services was 32.
