Not this kind of malware specifically. Their snap repo has a policy of allowing fully automatic app submission as long as the app is sandboxed. This led to multiple people submiting modified crypto wallet apps under the branding of the original trusted devs, without any challenge on Ubuntu's part. You could also put up a Librewolf version that leaks all the passwords you type in, or a Signal without encryption - ✨ endless creativity ✨. This specific attack is harder on Flathub as all apps have to be checked by the moderation team, and they should ask question if your Librewolf package is built from your own repo.