Researchers at Kaspersky have discovered a malware Trojan, Necro, that has affected over 11 million Android devices. That number is just from the Play Store apps, which means the actual number of victims is likely much higher.
Wuta Camera, Max Browser, WhatsApp Mods, Spotify Mods, and Minecraft Mods were found to be infected with a Necro Sideloader. All the apps are shown to contain CoralSDK. If you downloaded any of this remove the apps and wipe your phone.
FOSS apps are generally more secure due to auditability of the source. Many eyes, and all that. Although I'm sure there's also reduced interest from attackers on smaller platforms.
Also, malware devs would have the additional constraint of having to either open source their malware, which they probably don't want to do, or sideload their payload, which is more work for them.