If you give Malware authors an opening, they'll take it. In the wake of the recent Android Market malware scares, Google released a special security app that searches for and removes the so-called DroidDream malware. Google is pushing this app to affected phones automatically to take care of the problem. So what did the unscrupulous hacker characters do? They repackaged that security app with a trojan, of course.
The version of Android Market Security Tool in the Market is safe, that's what Google is pushing to users. The malware infected version of the app is floating around on the internet and appears to mainly be affecting (and infecting) Chinese users. To be infected, a user would have to seek out this unofficial app, and manually install it.
Google has pledged to keep closer watch on the Android Market to prevent DroidDream-style attacks in the future. We certainly applaud that, but they can't police the whole internet. Android provides users with more freedom, but that comes with more risk. Just the price you pay.