Android Malware Pusher Told To Cough Up £50,000

An Android malware dealer has been fined £50,000 and told to refund all the people it duped out of money.

UK security firm Sophos discovered some software pushed onto Android phones via a Facebook link earlier this year. Once installed, the malicious application, which claimed to offer access to popular games, charged users £10 if they accepted the “rules of downloading”, even though the terms and conditions said there were charges of “about 5 GBP”.

Users were also told by Connect Ltd they would be notified before incurring any charges. They were not.

PhonepayPlus, the regulatory body for all premium rate phone services in the UK, said the app “had the sole purpose of generating high revenue and did so through recklessly misleading promotion and design.”

Payback time

It is believed Android users spent between £100,000 and £250,000 on the service. Now Connect Ltd, a Russian firm, has been told to refund all customers and pay up an additional £50,000.

“If our sanctions are not met we do have the power to bring a breach of sanction case, where the tribunal can impose tough penalties,” said PhonepayPlus spokesman James McLarin.

“The sending of expensive SMS messages is one of the most common ways in which smartphone malware attempts to earn revenue from its victims,” added Graham Cluley, senior technology consultant at Sophos, in a blog post.

“Always be careful about what apps you install, and – in the case of Android apps – be sure to check that you are happy with the permissions the app requests at installation.”

Android malware continues to grow at a startling pace, as Finnish security firm F-Secure found 5033 malicious Android application package files in the second quarter of 2012, representing a 64 percent increase.

Are you a security guru? Try our quiz!