The attack vector was ingenious, and plays on the Android Market's biggest weakness: the almost complete absence of app moderation. The nefarious developer crafted 21 apps that share the name of legitimate apps (such as 'Chess'), and into each of them he inserted some Trojan code. The apps then quietly report your sensitive data back to a remote server, while you play with your free app.
Download Squad: http://downloadsquad.switched.com/2011/03/02/google-pulls-21-android-malware-apps-with-trojan-rootkit-over-50000-infected/
Android Police: http://www.androidpolice.com/2011/03/01/the-mother-of-all-android-malware-has-arrived-stolen-apps-released-to-the-market-that-root-your-phone-steal-your-data-and-open-backdoor/"
Link to Original Source