I don't know any malicious app in OpenStore, but...
Can OpenStore be hijacked like Snapstore with malicious apps, like in the SnapStore case with malicious bitcoin wallets?
They had to switch to manual review.
https://linuxiac.com/snap-store-now-requires-manual-review-for-the-apps/
From what I read/saw about the apps, they were all web-app like apps, that gave the (only) possibility to import a wallet and then sent all private data to attacker. Isn't this possible to do within a coffined app in Ubuntu Touch too?