The evolution of Android malware has made incontestable progress in the last few years and it often follows in the footsteps of PC-based malware, except that it happens at an accelerated pace.
Often, malicious apps gain control of a system in several steps, using different modules. There is typically only one initial module which, once it gets executed, either drops some embedded modules or downloads other modules and installs them to achieve its full range of mischievous behavior.
On the Android platform, users have limited visibility when installing packages, especially when side-loading (i.e. manually installing packages or installing from non-official app markets). This is why most Android malware that includes other malware does this embedding in the simplest way: they simply include the payload either as a raw resource or as an asset in their own package.
This used to be the case for PC-based malware when simple Trojan horse programs (often called “...