Cybercrime service bypasses Android security to install malware
TL;DR - You have to install a malicious app that pretends to be something else, then the app will try trick you into installing another APK (to which you have to specifically agree), and then your phone gets malware.
If you install malware then it gets installed!
Crazy.
So nothing new