"We identified and removed the malicious applications. The applications took advantage of known vulnerabilities which don't affect Android versions 2.2.2 or higher," said Rich Cannings, Android security leader, in a blog.
Google added that it has taken a number of steps to protect those who downloaded a malicious application.
"We removed the malicious applications from Android Market, suspended the associated developer accounts, and contacted law enforcement about the attack. We are remotely removing the malicious applications from affected devices," the firm said, confirming it has a 'kill switch' for apps.
Google said the 'kill switch', which is contained within an Android Market security update, is being pushed to all affected devices.
"The update reverses the processes put in place by the malware to prevent the attacker(s) from accessing any more information from affected devices," it explained.
Google said those affected by the malicious apps will receive an email from firstname.lastname@example.org over the next 72 hours, along with "a notification on your device that 'Android Market Security Tool March 2011' has been installed".
"We are adding a number of measures to help prevent additional malicious applications using similar exploits from being distributed through Android Market and are working with our partners to provide the fix for the underlying security issues," Cannings added.
"We always encourage you to check the list of permissions when installing an application from Android Market. Security is a priority for the Android team, and we're committed to building new safeguards to help prevent these kinds of attacks from happening in the future."
See also: Android set to crush Nokia/Microsoft