25 malicious Android apps with over 2.1 million installs in total were observed by security researchers while displaying aggressive full-screen ads. The 25 apps were found in the Play Store during late-August and, while immediately after being installed they did not exhibit any malicious behavior, the apps will subsequently download malware configuration files that would switch on their ‘evil’ mode. The switch is controlled remotely via the downloaded configuration file, allowing the malware developer to evade Google Play s rigorous security testing.
Source: https://www.bleepingcomputer.com/news/security/malicious-android-apps-evade-google-play-protect-via-remote-commands/