Adrianne Jeffries of The Verge says that digital marketer Stephen Kenwright “downloaded the app earlier this week, tried it out, uninstalled it, and went to bed.”

But that seeming conclusion to Kenwright’s relationship with Path wasn’t the end at all.

“When he woke up,” Jeffries reports, “he found that Path had gone on a rogue mission early in the morning, texting and robocalling an unknown number of his contacts, including his grandparents.”

Path reportedly worked its way through Kenwright’s entire contact book by the next day.

Coworkers, friends, and family were asking him about the text or phone call they’d received from Path, which stated that Kenwright wanted to share photos with them.

“Having uninstalled the app yesterday when I decided it wasn’t for me, I’m going to go ahead and assume that Path took this data out of my phonebook sometime during the half hour I had it installed,” Kenwright stated in his initial blog entry, which can be read here.

Path’s response?

Kenwright has updated his blog post with a clarification from Path. The company meant to send the messages during the time he was signed up for the app and “didn’t seem to realize that UK landlines… read out text messages that are sent to them.” Path is investigating why there was a delay in the timing of the message delivery.

Android malware deceptively disguised as a mobile ad network is on the loose and infecting millions of mobile devices.

According to Lookout Mobile Security, the new threat is called BadNews, a recent entry into the malware family. So far, it’s been found in 32 apps across four different developer accounts in Google Play.

Google Play statistics show that the combined affected applications have been downloaded between 2,000,000 – 9,000,000 times.

“We notified Google and they promptly removed all apps and suspended the associated developer accounts pending further investigation,” the security watchdog says. “All Lookout users are protected against this threat.”

Badnews has the ability to send fake news messages, prompt users to install applications and sends sensitive information such as the phone number and device ID to its Command and Control (C&C) server. BadNews uses its ability to display fake news messages in order to push out other types of monetization malware and promote affiliated apps.

To learn more about this threat and how you can protect yourself from it, click here.

The FTC has begun aggressively following up on its pledge to crack down on the tricksters taking aim at our cell phones.

In the last two years, regulators have found that hundreds of thousands of mobile phone users have been charged for “premium text” services that they did not authorize, a practice known as bill cramming.

According to comprehensive coverage provided this week by the New York Times, the Federal Trade Commission has announced its first cellphone cramming case.

The U.S. Federal Trade Commission has charged Wise Media and two of its owners, Brian M. Buckley and Winston J. Deloney, with alleged “unfair or deceptive business practices.”

Concrete Marketing Research was similarly charged with allegedly receiving funds that could be traced to Wise Media’s actions.

Not surprisingly, the offending messages (sent as premium SMS service) promised everything from horoscopes to psychic services. But the company’s fortune-telling resources obviously didn’t see the FTC coming. And now the FTC is taking action in response to its belief that Wise Media illegally charged mobile phone users.

Many expect the FTC to try to make an example out of Wise Media in hopes of deterring other companies from committing the same alleged offenses.

On Thursday morning, the Federal Trade Commission invited press to its Midwest Region Office in Chicago to announce a series of enforcement actions designed to protect consumers nationwide from a pervasive series of scams built on text messages

The FTC is taking precise aim at affiliate marketers that use SMS to trick consumers into chasing “free” gift cards through underhanded practices.

In eight different complaints filed in courts around the United States, the FTC charged 29 defendants with collectively sending more than 180 million unwanted text messages to consumers, many of whom had to pay for receiving the texts.

The Commission’s complaints seek restraining orders against the defendants, which would effectively prohibit them from continuing their allegedly deceptive tactics.

As the FTC points out, however, the Commission files a complaint when it has “reason to believe” that the law has been or is being violated and it appears to the Commission that a proceeding is in the public interest. The complaint is not a finding or ruling that the defendant has actually violated the law.

The cases will be decided by the court.

“Today’s announcement says ‘game over’ to the major league scam artists behind millions of spam texts,” explains Charles A. Harwood, Acting Director of the FTC’s Bureau of Consumer Protection. “The FTC is committed to rooting out this deception and stopping it. For consumers who find spam texts on their phones, delete them, immediately. The offers are, in a word, garbage.”

To read the full announcement from the FTC, click here.

According to the presented findings of F-Secure‘s latest Mobile Threat Report, there’s been a drop in malware targeting the Symbian platform, representing just four percent of all mobile threats detected in Q4 2012.

That’s about the only “good news” in the report.

301 total new threat families and variants were detected in 2012. Android malware continued to gain in its share, responsible for 79 percent of all threats for the year, up from 66 percent in 2011.

“Malware in general has a parasitic relationship with its host,” said Sean Sullivan, Security Advisor at F-Secure Labs. “As old Symbian handsets continue to be replaced by those with other operating systems, especially Android, Symbian malware dies off and will probably go extinct in 2013. May it rest in peace.”

Sullivan says 66 percent of mobile malware detections in 2012 were trojans.

A large share of the Android threats found in Q4 were malware that generate profit through fraudulent SMS practices.

Based on the findings of an expansive survey, McAfee reveals that more than one in ten mobile device owners use the same PIN across multiple devices and accounts.

That’s a big security risk, the company says.

Perhaps even worse is the fact that 55% of all survey respondents admit to sharing their PINs or passwords with others.

To showcase the findings of the new survey and to help mobile users examiner their own mobile security practices (and perhaps learn some helpful tips in the process), McAfee published a new infographic along with the report (which can be obtained via PDF here).

Check it out and weigh your practices against those of others who are putting their mobile security in jeopardy.

According to a new threat coming to light this week, a pretty nefarious trojan for Android has been discovered and should be guarded against in the coming days and weeks.

The trojan is capable of executing Distributed Denial of Service (DDoS) attacks. Based on what little we know, the malware can also receive commands and distribute text messages for advanced spamming efforts.

With Android malware up a reported 700% in the last twelve months, this newest threat – “Android.DDoS.1.origin” – comes as no surprise. The same goes for the method in which it is purportedly spread – through social engineering guises. Specifically, the malware dupes users by appearing to be a legitimate app from Google.

But after installation, it creates an icon that looks suspiciously like the one for Google Play. But it isn’t. And upon launching, the trojan connects to its Command and Control (C&C) server and it’s “game on” for a wide variety of activities that you wouldn’t want any part of.

As of this writing, there is no evidence to suggest that this threat is wholly pervasive or spreading fast. But it could. And so Android users are advised to be particularly observant of what they’re putting on their device and how it behaves.

In a nutshell, the controversial exploit allegedly gives hackers access to a device’s physical memory.

One user named Alephzain claims to have probed the matter on a Samsung Galaxy S III but also found the problem on the Galaxy S II, Galaxy Note II and other devices.

“The good news is we can easily obtain root on these devices and the bad is there is no control over it,” Alepzhain posted. “RAM dump, kernel code injection and others could be possible via app installation from Play Store. It certainly exists many ways to do that but Samsung give[s] an easy way to exploit. This security hole is dangerous and expose phone[s] to malicious apps.”

According to The Verge, “Samsung has been made aware of the security hole, but the company has not publicly acknowledged the issue.”

All told, this news comes as an unsettling development for Android, particularly on the heels of last week’s report indicated that as many as 18 million Android users will face mobile malware infection before 2013 comes to an end.

According to a report publish Friday by the mobile security experts at Lookout, some scary predictions have been made as the company’s forecasts for the year ahead in mobile malware distribution methods, profit-making schemes and privacy threats.

In 2013, people will purchase more than 1.2 billion mobile devices, surpassing PCs as the most common internet access device in the world. Mobile platforms will continue to expand at breakneck speed, as people are forecast to download over 70 billion mobile apps in 2014.

Now here’s the scary stuff.

“Globally,” the company says, “we estimate 18 million Android users may encounter mobile malware from the beginning of 2012 to the end of 2013.”

Mobile spam, they say, will also increase in volume, become a growing nuisance, and “turn into a new threat vector.”

Lookout asserts that finding the right balance between protection and employee empowerment “will be the business challenge of 2013.”

To read the full rundown on the Lookout Blog, click here.

The notification went to persons who had previously received a text message promoting footwear and apparel company Steve Madden’s products and events. Given how a resolution to this mess is shaping up, a boatload of cash payments could be headed for a large number of people.

The Steve Madden settlement will resolve a class action lawsuit, titled Ellison v. Steven Madden, Ltd., that alleges the company sent unsolicited text messages to consumers advertising Steve Madden’s fashion products and promotional events. According to the class action lawsuit, these text ads violated the Telephone Consumer Protection Act because consumers did not consent to receive them.

It should be noted that Steven Madden “denies any wrongdoing” but has agreed to establish a $10 million class action lawsuit settlement in hopes of expediting a resolution to the litigation.

According to published reports, class members of the Steven Madden text class action settlement “include all U.S. persons who, from July 2010 until September 25, 2012, received a text message promoting Steve Madden products and/or events from the “short codes” 91919 or 623336.”

For now, all eyes are looking ahead to a final fairness hearing scheduled for February 25, 2013.

All claim forms and related information about this matter can be obtained here.