From the post on Avast's blog, the ones who started this whole thing, the scam is evidently to put out software with the same name as 50 different major companies, wait for people to mistakenly download, and pay $1.99 for the app. That's not much of a major criminal scheme, it's pretty pathetic and it is well within the powers of a major corporation like Microsoft to shut this down.
The really eye-opening part is when one of the "malicious" apps is defined as the following:
"Claiming to âoeprotect your phone from malware and theftâ, this malicious app runs in the background of victimsâ(TM) devices once downloaded and collects their data and location."
This is what Windows 10 does by design. I think we need to redefine what "malicious" means. In both softwares you clicked "I agree" to the T&C before continuing.