Malware app called MobonoGram 2019 installed over 100,000 from Google Play only to provide minimum messaging services and promote malicious websites. The app was available to users in regions that prohibited the use of Telegram (e.g. Russia, Iran) and would start automatically after booting the device, as well as after installing or updating an app. The developer made sure that the malicious service would run in the foreground because there’s a smaller chance for it to be killed by the system even when low on RAM.
Source: https://www.bleepingcomputer.com/news/security/unofficial-telegram-app-with-100k-installs-pushed-malicious-sites/