If you have no/half knowledge then stop from using that here. You can check about fixes here (https://security.samsungmobile.com/securityUpdate.smsb) , this is Samsung owns patches and for Android one go to Android security bulletins.
Android can easily gets malware(and had done in past), and it can bypass permission manager too in some case by exploiting vulnerability in different components of operating system. Some times ago one malware which was found in app with install base of millions (bypassed play protect by obfuscating the code, later revealed by Norton security and then removed by google) was stealing banking related information, other time one malware was stealing clipboard data, one vulnerability was allowing to overflow stack and installing adware in phone to get ad clicks. There was one exploit where you don't even have to install any application.Unauthorized actor just need to send sms with hidden code, which executes itself without opening sms and install the requare code in Android and do its dirty work
You see, lots of things have happened in past. And security patches are important and integral part update.
They(malware) are not just simple app, they target specific vulnerability to bypass all the restriction of OS.

Second:- Play store protection can easily be fooled lots of time , like CM coperation (owner of Es file explorer , CM beauty , and other popular app with more than 100 million installation) banned by Google when they found their app contains malware (revealed by independent security researchers, not google), or just 2 week ago a Barcode scanner application with 10 or 100 millions installation was in play store with malware.

I dont know i laugh or cry for you.

Half knowledge will get you this only. FYI malware and Viruses are different thing

It's not half knowledge.. i just not type too much