A firm has been fined £50,000 after Trojan versions of popular Android apps secretly sent expensive SMS messages to premium rate numbers.
UK industry regulator PhonepayPlus uncovered that 1,391 mobile phone numbers in the UK had been stung by the scam, that targeted Android owners who downloaded Trojan horse versions of popular games such as "Angry Birds", "Assassins Creed" and "Cut the Rope".
Each time innocent users would start one of the apps it would send three premium rate text messages, costing £15. Charges would continue to mount unless users removed the offending app.
Swift action by the authorities in shutting down the SMS shortcode used by the malware meant that only
£27,850 was taken, and funds were stopped from reaching the bogus app's developers.
But, according to PhonepayPlus, the scam wasn't just targeting smartphone users in Britain, but had also been seen in a total of 18 countries worldwide.
It's estimated that there were some 14,000 downloads of the malicious apps around the globe.
A1 Agregator Limited ran the premium rate payment system used by the malware to fraudulently charge consumers' smartphones.
As well as the firm being fined £50,000, it has also been ordered to directly refund all consumers within three months, regardless of whether they complained or not. In addition, the company has been barred from launching any other premium rate services in the UK without the permission of PhonepayPlus.
Sophos experts have seen a rising trend for malware to be distributed in the form of bogus Android apps, hellbent on earning money from expensive SMS services or allowing the installation of further malicious code.
Recent examples have included false versions of Angry Birds Space, Instagram and even fake Android anti-virus products.
Earlier this year, PhonepayPlus fined two companies £100,000 each after they created typosquatting websites, posing as Twitter and Wikipedia, and tricked visitors into signing up for a premium rate mobile phone service.
It's good to see more action being taken against those who try to hit smartphone users where it hurts - in the pocket.
But this shouldn't just be about relying upon the authorities for protection.
For instance, be sure to check the permissions that an app requires when you install it on your Android. Does it have a legitimate reason to ask for them? If you don't see why it requires permission to send SMS messages, be cautious.
You can further increase your chances of keeping your Android smartphone defended by installing Sophos's free anti-virus protection for Android.
Follow @gcluley
![Android malware spread via Facebook [VIDEO]](http://sophosnews.files.wordpress.com/2012/02/android-logo250.png?w=75&h=75&crop=1){kind=logo}
![Password security infomerical leaves Ellen DeGeneres in disbelief.. and it will you too [VIDEO]](http://sophosnews.files.wordpress.com/2013/04/ellen-thumb.jpg?w=75&h=75&crop=1)
![Can multiple moving cursors really hide your password from spyware and peepers? [VIDEO]](http://sophosnews.files.wordpress.com/2013/03/cursors-thumb.jpg?w=75&h=75&crop=1)
If you are warning us about Android apps that require permission to send sms. Why does your anti-virus for Android require this permission?
Thanks for the feedback. In fairness to our developers, the app's description on Google Play does explain why SMS access is required.
It needs it to send you an SMS notifying you of your phone's location/or that it has been locked if you lose your Android.