From a well known security site: Vodafone Android Phone: Complete with Mariposa Malwa

[spambusterdave]

I don't own a Droid but i thought this might be of interest to those that do..

http://isc.sans.org/diary.html?storyid=8389&rss

Panda Security has a post up on one of their employees buying a brand new Android phone from Vodafone and discovering it was spreading Mariposa. It didn't infect the phone proper, but it did have autoexec.inf and autoexec.bat files designed to infect whatever Windows machine the phone was plugged into via USB cable. Unlike the Engergizer story from yesterday, this one is happening now. Standard USB defenses apply, don't automatically execute autoexec.bat/inf files from USB devices. This Microsoft KB article discusses how to disable the "Autoplay" functionality that leads to this problem.
This leads to the interesting question, why not just infect the phones? The technology is certainly there to write malware that is phone specific. We won't see mass infection of phones (or even better, a cell-phone botnet) likely until commerce is much more common on phones. Malware is driven by the desire of profit and once it becomes profitable, we'll see exploitation. The problem is, that these slimmed down devices make it difficult to configure in security. Only a few cell phone types even have the option of cell phone antivirus software. The clock is ticking on that threat.

[rainfreak]

PPCG posted the same story here yesterday. But I would take it with a grain of salt because the infection was isolated and multiple other devices were checked by VodaPhone and found to be clean.