The Android BadBazaar malware is being distributed through the Google Play store, Samsung Galaxy Store, and dedicated websites mimicimg Signal Plus Messenger and FlyGram malicious applications. These active campaigns are connected to the China-aligned APT organization known as GREF.
Source: GBHackers