It was recently discovered that Android has had a major security hole since version 1.6, which allowed hackers to modify almost any Play Store app and turn it malicious without tripping the built-in security measures. Well, that hole has already been plugged and the fix has been sent out to OEMs (Google was made aware of the issue in February, so it has had time to fix it).
Google claims that it hasn’t seen any app from the Play Store (or other app stores for that matter) that has been affected by this vulnerability.
The Play Store itself scans the apps it offers and the Verify App feature (new in 4.2) scans all apps (even if you installed them from elsewhere).
Samsung and some other OEMs are reportedly already shipping devices that contain the fix. Current devices will have to wait for an update, which has an uncertain timeframe as it depends on OEMs and then carriers to push it out.
Custom ROM CyanogenMod is aware of the issue and the necessary changes have been made all the way back to CM7.