Distribution is centralized and Apple can end distribution if the app gets reported and add the malware to their malware scanning.
While possible, it should be more rare. When working on massive platforms it is typically the goal to minimize metrics like malware installs as opposed to trying to make them 0. The relative probabilities are important.
Scanning apps for malware, preventing them from being installed or run, and warning about malicious apps doesn't actually require centralized distribution or limiting sideloading. This malware problem with sideloading has already been solved, by Google with Play Protect on mobile, by every other system that allows 'sideloading' and has some kind of antivirus, and by Apple themselves in macOS.
Compared to an antivirus (macOS, Windows, Android all have protection built in) that could detect a malicious app, or receive a report about a malicious app and then block it from being run, having an app store in the chain might not even be that much help or be at all different in that process.
If anything, giving potential malware apps a chance to be published on an app store, get that scale, visibility and access to an audience outright, and hang there even if for a little bit before getting taken down, could be kinda worse than if malware apps were distributed across smaller venues. Where, through what channel, could a malware app get access to the biggest amount of people? Through a centralized app store. (Especially if it's the only one on the platform, and the only way to install apps*, forcing all users of the platform to be there.) An app store gives potential malware makers access to an existing audience, ready to be exploited, and a centralized app store ensures that it's the biggest audience possible.