This new virus is an interesting one in that it installs new fake versions of software without users even noticing. In a nutshell when a users goes to download an application the virus will replace the download with an exploited APK (Android application package) that can gather sensitive data like your passwords. It does this completely in the background without the user even noticing they downloaded a false APK.
A patch has already been issued by Google and Amazon with Amazon users needing to download the latest version of the Amazon AppStore to fix this. Even with these patches however millions of devices are left at risk until other providers provide a patch for their specific devices. Palo Alto has developed an app that will tell users if they’re device is infected for the time being.