The Play Store is not an alternate Android app store though.

you just need to read the article:

> The good news is that the bad apps in question have since been removed from Google’s official Android app store. However, the cybercriminals behind this campaign are also using a separate set of 12 malicious apps on unofficial third-party app stores to spread the Xamalicious malware. These apps need to be sideloaded onto your smartphone though as they are installed via an APK file.

i mean, this isn't really news, is it?

Ah, I stand corrected - I assumed that the quote would be the relevant bit of the article, and didn't click through.