Google has patched a bug that let a hacker, and this is key, that is physically close to your phone to send malware to your phone using NFC (Near Field Communication) functions.

Take a look at this report from Sophos's Naked Security Blog that spells out the vulnerability: Click Here

What to do?

• You can turn off permissions for the NFC app to install unknown applications, which will prevent the NFC app from trying to install an APK.
• You can also turn off Android Beam in the NFC and Payment area of your Android device’s settings, while still leaving NFC on for contactless payments.
• Finally, you can install the fix that Google released last month, patching the flaw.