This is what happens when you have an "app store" with no approval or review process. Google should be cracking down on this, just like those ads they were displaying[1] which would serve up malware-infected versions of Firefox whenever someone searched for "Firefox".
I reported an issue with spoofing on the Google play store about 6 months ago. They told me there was no timeframe for the fix, and no fix yet as far as I'm aware. Maybe if I post it here someone from google will do something...
Just so everyone is aware, you can use any email address as your company email address on the google play store without verification. This means when looking at an app, you see the email is support@legitcompany.com and think it's from them, but it's not.
A lot of people lost bitcoins because of the malicious ad problem. Somebody spoofed blockchain.info and stole a bunch of credentials... The entire bitcoin subreddit reported it, yet 2 months later it was back up.
[1] https://productforums.google.com/forum/#!topic/websearch/IFl...