Three pieces of glib Android malware get ousted by security researchers and Google
The first malware is the Skyfin Trojan. It's typically found in .APK files downloaded outside the Play store, so if you are into side-loading or straight-up pirating apps, you are putting yourself at risk – or in the hands of your antivirus software, if you have one running. Anyway, Skyfin is able to steal your information (IMEI, device model, location, language) and make unsupervised app installs, purchases, and ratings. Thankfully, the trojan can't reach devices running Android Marshmallow or later.
Second is HummingWhale, a malware that infected over 20 Android applications with millions of installations before Google removed them upon getting notified by the researchers. The malware would spam your phone with advertisements and generate ad revenue for its creator. It would also make fraudulent Play Store ratings to boost the reputation of other malicious apps that contain it.