F-Droid [1] has a squeaky clean track record when it comes to malware [2]. Might be mostly just because the number of users is relatively low. Quality of course varies wildly, but that's to be expected.
[2] According to the Wikipedia article there were (are?) some old unmaintained apps using vulnerable native libraries but that's not intentional malware and every app store has apps with vulnerabilities of some sort.
[1] https://en.wikipedia.org/wiki/F-Droid
[2] According to the Wikipedia article there were (are?) some old unmaintained apps using vulnerable native libraries but that's not intentional malware and every app store has apps with vulnerabilities of some sort.