Malware found in as many as 9 Android apps distributed via Google Play Store. Malware authors have resorted to a variety of methods to bypass app store vetting mechanisms. The apps that were used for the campaign include Cake VPN, Pacific VPN, eVPN, BeatPlayer, QR/Barcode Scanner MAX, Music Player, tooltipnatorlibrary, and QRecorder. After the findings were reported to Google on January 28, the rogue apps were removed from the Play Store on February 9.
Source: https://thehackernews.com/2021/03/9-android-apps-on-google-play-caught.html