A malicious campaign dubbed PhantomLance has been targeting users of Android devices with spyware payloads embedded in applications delivered via multiple platforms including Google’s Play Store and alternative Android app stores such as APKpure and APKKCombo. The campaign has been active since at least 2015 and is still ongoing, featuring multiple versions of a complex spyware software created to gather victims data and smart distribution tactics. The majority of users affected by the campaign were located in Vietnam, with the exception of a small number of individuals located in China.
Source: https://www.bleepingcomputer.com/news/security/hacking-group-used-google-play-store-to-push-spyware-for-years/