
A fake version of the Android WhatsApp app was downloaded a million times from the Google Play Store before users discovered the fraud, and Google removed it.

Android security: Coin miners show up in apps and sites to wear out your CPU
Expect to see more miners silently chewing up CPU resources through your browser.
Read More
One of several fake WhatsApp apps was downloaded between one million and five million times before it was flagged by users on Reddit. The app, which was called ‘Update WhatsApp’, looked identical to the real WhatsApp.
So, the real WhatsApp developer ID URL looks like this:
https://play.google.com/store/apps/developer?id=WhatsApp+Inc
https://play.google.com/store/apps/developer?id=WhatsApp+Inc.%C2%A0
Fortunately, the developer appears only to have used the bogus app to make money through advertising. However, the same technique could have been used to distribute more harmful malware.
The Play Store is widely recommended as the safest place from which to install Android but Google has had trouble keeping it free of malware. The latest trend among developers is to hide cryptocurrency miners in apps, which use a device’s CPU without asking the user permission.

Fake WhatsApp with a 4.2 star rating and over 6,000 reviews.
Previous and related coverage
BankBot trojan malware waits twenty minutes after the app is used before moving to run its payload.
Malware authors cash in on Android users through SMS fraud and unwanted online subscriptions.
There are many legitimate business reasons to access streamed audio and video files, such as engaging in training, reviewing news or industry-related content or conducting business research.