The iPhone has seen nefarious software make its way onto jailbroken devices, though nothing that's able to get access to the App Store or do any real damage.
Unfortunately, Google's Android platform has been targeted by a considerably more malicious application recently, which tries to acquire the user's bank account details.
The application, developed by Droid09, poses as a shell for mobile banking applications that phishes for personal data about the user's bank details and the users themselves, presumably for identity theft.
The application came to light through First Tech Credit Union's fraud alerts, which states "Droid09 launched this phishing attack from the Android Marketplace and it’s since been removed. If you did download the Droid09 app, please remove it from your phone and take it to your mobile provider to ensure it’s completely removed."
Perhaps Apple's over-protective access to the App Store isn't such a bad thing after all?