Dozens of apps in the Android Market have been found to contain malware and have been removed from the online store by its owner Google.
Reports put the precise number of apps at between 21 and 50.
The apps were infected with malware called DroidDream, which once downloaded harvests details from the target smartphone and installs a backdoor so that more code can be downloaded and the phone controlled remotely.
Google removed the apps from Android Market as soon as it was alerted, but an unknown number of devices may have been infected.
The crime was perpetrated by injecting legitimate apps with the malware code and then republishing them. Details have been published by the Android Police, a site that writes about the operating system.
Unlike Apple's AppStore and Nokia's Ovi apps, which are scrutinised and controlled by their store owners, Andoid Market apps are open to all-comers.
According to Gartner, Android is now the second-largest operating system for mobile phones – some 67.2 million units were sold in 2010. Android could overtake Nokia's Symbian as the number one phone OS this year.
Yesterday, IBM security guru Tom Cross told attendees at IBM Pulse in Las Vegas that corporate concerns over mobile security are over-blown.
Smartphones generally use apps not browsers to access the web, business applications or personal banking services, which makes them harder for cyber criminals to target with malware or infected sites, reasons Cross.
But this still leaves the possibility that smartphones can be penetrated with malignant apps, as has happened with the Android Market apps.
"We've become accustomed to having an anti-virus program on our computer, which also protects against spyware. But when it comes to mobile phones, there is virtually no awareness about the very same risks and few have a security program for their Android phone," said Philip Dall, mobile security expert with BullGuard.
Dall advises users to think twice before downloading apps.
"Find out who uploaded it, check which rights and actions the app wishes to make use of, and consider whether this sounds right or not. Secondly, you should install security software on your phone," he said.
The Guardian has published a list of infected apps
Successful leaders are infusing analytics throughout their organisations to drive smarter decisions, enable faster actions and optimise outcomes
Focus on cost efficiency, simplicity, performance, scalability and future-readiness when architecting your data protection strategy