Malware infection can occur through numerous infection vectors, including through official app stores, when harmful apps are passed into the marketplace as legitimate programs, and third-party app-store repositories, which might not have stringent controls to vet new apps in their systems.¹ This method is particularly a risk for Androids with outdated operating systems and jailbroken iPhones.

Malware infections can also result from malicious websites that are designed to infect devices via direct “drive-by” download installation of malware or direct victim targeting through email, SMS, and MMS, where delivery of the malware can be achieved through a malicious attachment or URL via SMS- or MMS-based phishing attacks referred to as “smishing.” Other emerging methods of malware delivery to mobile devices include directing the user to a malicious website via a QR code and close-quarters infection using NFC chips.

Reference:

[1] https://for585.com/malwareinfections