The carrier apps in question were a simple Battery Saver and a Currency Converter. Before being taken down, the former had accumulated just over 5,000 downloads and about 70 reviews. As you can expect, however, said reviews were probably fake, as their text made little sense and they were posted by anonymous users (you know the type).
In order to remain hidden, the malware would do absolutely nothing unless it detected that the phone's motion sensors were generating data. The idea behind that? Well, some malware detectors simulate an Android environment and run the target app in it to see if it does something fishy. The malware developer figured that such fake "Android sandboxes" wouldn't generate any motion sensor data, since they are not actually running on user-held devices. So, the trojan apps in question were made to wait for such data before executing their malicious code.
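For analysts whose emulator-based sandbox would sit motionless and never see the payload run, the sketch below generates a constructed hand-held accelerometer trace and formats it as Android Emulator console `sensor set acceleration` commands. It is an added example, not code from the article or from any scanner; the function names `handheld_trace` and `console_commands`, the tilt, drift and noise values are all assumptions made for illustration.

```python
import math
import random

GRAVITY = 9.81  # m/s^2, total acceleration a resting phone reports


def handheld_trace(samples, seed=None, tilt_deg=35.0, jitter=0.15):
    """Constructed accelerometer readings (x, y, z) for a phone held in a hand.

    Orientation drifts as a slow random walk and each axis gets sensor
    noise, so readings keep changing while the magnitude stays near gravity.
    """
    rng = random.Random(seed)
    pitch, roll = math.radians(tilt_deg), 0.0
    trace = []
    for _ in range(samples):
        pitch += rng.gauss(0, 0.01)  # hand drift, radians per sample (assumed)
        roll += rng.gauss(0, 0.01)
        ideal = (
            GRAVITY * math.sin(roll) * math.cos(pitch),
            GRAVITY * math.sin(pitch),
            GRAVITY * math.cos(roll) * math.cos(pitch),
        )
        trace.append(tuple(round(v + rng.gauss(0, jitter), 3) for v in ideal))
    return trace


def console_commands(trace):
    """Format each reading as an Android Emulator console `sensor set` line."""
    return [f"sensor set acceleration {x}:{y}:{z}" for x, y, z in trace]


if __name__ == "__main__":
    # Each printed line can be replayed against a running emulator via `adb emu`.
    for line in console_commands(handheld_trace(20, seed=1)):
        print("adb emu " + line)
```

Replaying the lines at a steady interval while the sample runs gives the app the motion data a static sandbox lacks.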
Then, the apps send a notification to the user, disguised as either a Telegram or a Twitter invitation of sorts. However, that's simply a download link in disguise. Tapping on it will, sooner or later, trigger a download that masquerades as a standard Android update. Accepting the latter finally opens the door and invites the Anubis malware in.
So, just a reminder — be careful what you download on your phone and definitely think thrice before sideloading stuff as well.