They can be sued, but whether or not that will be successful is an entirely different discussion. They didn't develop or run the app, and malicious apps aren't allowed in the Play Store in the first place. Checking all apps with 100% accuracy is a literal impossibility as well, so you can't really hold that against them.
Apple does that. And not only check for “malwares”, but also see if the app matches their guidelines. Are you saying that an company worth ~$766 billions (Alphabet) can’t create a system and hire people to check their apps?
I'm saying you cannot realistically expect any automated system to be
100% accurate in detection of malicious activity. Apple is famous for their walled garden approach, but even they suffer
occasional breaches. Android does say they check all apps being published according to
this page, but that doesn't mean a couple (or a thousand) won't slip through the cracks, especially because of their more open approach. You could argue that they're being negligent, which they easily could be, but that's ultimately up to the courts to decide. Meanwhile, all users could really do is either GTFO or practice due diligence.
To be clear, I'm not defending Google, just saying that litigation would be a weak option given the specified circumstances.