Malware authors always target the most popular applications as a vector infect others with.  They can create realistic looking attacks by creating fake screens or web link invitations.  One a user clicks on this with a vulnerable device this fake application can infect their device.  ESET Security is reporting some early attacks in this area:

ESET has discovered the first ever fake lock screen app on Google Play, named Pokémon GO Ultimate. As its characteristics suggest, it deliberately locks the screen right after the app is started, forcing the user to restart the device. Unfortunately, in many cases a reboot is not available because the activity of the malicious app overlays all the other apps as well as system windows. The user needs to restart the device either by pulling out the battery or using Android Device Manager. After reboot, it runs in the background hidden from the victim, silently clicking on porn ads online. The bad guys are aware of this and are trying to exploit the hype by infecting Pokémon-hungry victims with malicious fake apps. Pokémon GO Ultimate serves as a perfect example, promising the victim to play the original title, but instead delivering only malicious activity.