The virus-stalking folks at Symantec have told us that there's a fake version of Google's recently released Android Market Security Tool floating around on unregulated app marketplaces. The pre-installed official Android Market on your phone or tablet is safe, it's other sites. Bet ATT is saying "I told you so" right about now, since they block installation from non-Market sources.
After malware was found last week on the official Android Market, Google published an application- "Android Market Security Tool" - to undo the side effects caused by Android.Rootcager. Symantec has now discovered suspicious code within a repackaged version of the Android Market Security Tool.
Symantec found this suspicious version of the tool on an unregulated third-party Chinese marketplace. This threat appears to be capable of sending SMS messages if instructed to do so by a command and control server. Analysis of the application is still ongoing, however, of note is that the threat's code seems to be based on a project hosted on Google Code and licensed under the Apache License.