PhonepayPlus, the regulatory body for all premium rate phone-paid services in the United Kingdom, has recently managed to cut off a malware attack that took the form of premium SMS fraudulent apps masquerading as popular apps offered on Google Play and other online stores.
"These fake apps were advertised as free but contained malicious coding that charged the phone’s account £15 every time the app was opened (usually charged through three £5 premium rate texts). The malware suppressed the sent and received text messages that notify users they have been charged. It was only when consumers received their bill that they were alerted to the fraudulent charges," it has been explained.
Dubbed RuFraud, the fraudulent apps were downloaded more than 14,000 times until they were pulled from the markets. Of this number, 1,391 downloads were made by UK mobile users, and brought the scammers a profit of £27,850.
PhonepayPlus swiftly reacted by suspending the shortcodes that enabled the apps to fraudulently charge smartphone users, and by blocking the amount in question from being passed on to the fraudsters.
The organization also investigated A1 Agregator Limited, the provider of the payment system which enabled the malware to charge consumers’ mobile phone accounts. The company was finally ordered to refund the fraudulently obtained money to all UK users within three months and, on top of that, to pay a £50,000 fine.
“We will continue to clamp down on those who wish to take advantage of UK smartphone customers. We are very pleased that the tribunal ordered that everyone affected will get their money back and that a strong fine was imposed. The digital economy is vital to the UK’s future and we will continue to take action to maintain the confidence of the public,” Patrick Guthrie, PhonepayPlus’ Director of Strategy and Communications, commented on the verdict.
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.