I'd like to see the "malware" for myself in all honesty, but aside of that: Mountain Lion already has the protection built in to prevent code such as this from running unless a known software developer signs the code or unless it's sold through the app store (which also signs the code).
Next the tricky bit seems to be premium SMS, that's subscribing you to a (expensive) service without you sending a SMS yourself. If they try to do that where I live: good luck on collecting as the mobile telco operators will not honor the charges (they'll not charge it and they'll not pass on the kick-back for the service) - The subscriber has to send an SMS to the premium service provider before a premium service can be charged. If I'm not mistaken that bit is in the telecommunications legislation in order to protect consumers.
Knowing a mobile phone number just isn't enough to start sending premium SMS (otherwise some idiot would start to spam all possible phone numbers (some networks are rather densely populated by now).