Three UK companies have been fined £330,000 after phone users found they had been charged up to hundreds of pounds without their consent.
Phone-paid services regulator PhonepayPlus found Android phone apps that were used to promote and access Circle Marketing, Cloudspace and Syncronized's premium rate services contained malware.
The apps promoted services with names such as Fun Sexy Girls and Glam Pleasures.
Once the app was installed, phone owners inadvertently initiated a subscription by clicking anywhere on the screen.
The app suppressed premium rate text messages, meaning those whose phones contained the malware did not know they were being charged.
Other consumers found themselves caught up in the scam via a WAP (wireless application protocol) link sent to their mobile phone after their details had been obtained from marketing lists.
A number of consumers reported receiving explicit text messages, and told PhonepayPlus they were "extremely upset" by the "vile messages".
One complainant reported being billed £231, another said their daughter was charged £150 more than usual over a three month period.
Another said that they had been receiving the explicit text messages for over two years before approaching PhonepayPlus.
All three companies were unable to show they had obtained consumers' consent to be charged.
PhonepayPlus said some consumers were charged between £1.50 and £4.50 a week and had reported bills amounting to hundreds of pounds.
The regulator said it had investigated the companies following reports from antivirus and internet security company Kaspersky Lab.
PhonepayPlus acting chief executive Joanne Prowse said: "The digital economy is ever more central to people's lives, bringing new opportunities for business but also new risks to consumers through evolving mobile malware.
"Tackling this threat and supporting genuine innovation and good business within premium rate services is one of PhonepayPlus' key priorities.
"This case of mobile malware is not typical of the majority of premium rate service businesses, which offer services that consumers enjoy and find convenient to use.
"If the UK's digital economy is to fulfil its potential we must all play our part, business, regulators, and government alike, in driving bad practice out of the market."
David Emm, principal security researcher at Kaspersky Lab, said: "As we as a society become increasingly dependent on mobile devices to connect to the internet, it is only natural that the criminals will see an opportunity and follow our activities.
"It is difficult enough for consumers to remain vigilant to the abundant threats out there without having to deal with hidden threats from seemingly legitimate sites as well.
"This verdict is a great success for those trying to protect mobile users and will hopefully deter other potential opportunists."