I think your "yes" answer is misleading. Remember, the question was not "can I export and import filters," which is a process that the user would have control over. The question was, "can malware create an email filter," which suggests, to me at least, that we're talking about a process that can run unexpectedly on its own without user involvement. A very different scenario.
Unfortunately, you're assuming the malware will have a single function, but any account comprimising trojan (malware) will have account extraction, remote access, and command and control.
Gmail introduced their last account activity feature a long time ago. http://www.shoutmeloud.com/your-gmail-is-hacked-crosscheck.html
This malware was discovered, Hackers Are Using Gmail Drafts to Update Their Malware and Steal Data. https://www.wired.com/2014/10/hackers-using-gmail-drafts-update-malware-steal-data/
The reason people are asking this question - I was asking it too, that's what brought me to this site today - is that it appears to be happening! All of a sudden, there are filters in someone's Gmail account that he did not put there and that were not there some time ago. How'd they get there? Is there a way that some rogue message was able to do it by embedding some kind of code in a message? Was it something that he inadvertently clicked on, or that could somehow place them there when he believed he was doing something else?
I say this question remains unanswered. Most of the answers are leaning toward "no," but the fact remains that it nevertheless does appear to be happening in reality. It's still an open issue
May 4, 2016. Researchers uncover 24 million compromised Gmail accounts, and many others. http://www.androidauthority.com/reserchers-uncover-24-million-compromised-gmail-accounts-690751/
Two things are infinite: the universe and human stupidity; and I'm not sure about the universe. ― Albert Einstein ― Insanity is doing the same thing, over and over again, but expecting different results.