Organizations provide their end users with means of connecting to internal network resources, typically laptops running specific operating systems under the control of IT. As technology advances, access may also be extended to mobile devices other than laptops, specifically mobile phones and tablets.
IT most likely does its best to control which devices are allowed, but over time the use of allowed devices can spread in a negative way.
Depending on the OS of these devices, the attack surface can be large, and for Android devices it is unfortunately quite big. This is because of the poor vulnerability management practices of the device vendors. For Apple and Microsoft products patching is currently consistent, but many Android device vendors neglect patching the core operating system.
If all vendors followed Google's patches for the Android operating system, there wouldn't be such a problem. However, millions of handhelds, apart from Nexus and Pixel branded devices, are typically vulnerable to many different kinds of exploits.
Devices can be brought under attacker control even if the user merely visits a malicious web page or receives an SMS or email with malicious content. Another avenue of infection is installing applications: the user can install software that brings the malicious capability to the device, typically through a non-approved marketplace (but also through the approved Google marketplace).
Here is the Trend Micro article about the MilkyDoor threat: http://blog.trendmicro.com/trendlabs-security-intelligence/dresscode-android-malware-finds-successor-milkydoor/