Google removed a bunch of malicious apps, most disguised as legitimate apps, from the Android Market after they were found to contain malware. The malware, dubbed DroidDream, uses two exploits to steal information such as phone ID and model, and to plant a back door on the phone that could be used to drop further malware on the device and take it over.
There is a scanning software for known malware signatures but this system isn’t good at detecting brand new malware or existing malware that has been modified enough to slip past the antivirus programs. Depending on the handset used, Android versions may be patched by now, but others are not. The vulnerabilities exploited by the malicious apps have been patched in Android 2.3, also known as Gingerbread, but older versions could still be vulnerable.
Read more at CNet.com