“Screen hijack” vulnerability allows hackers to steal passwords, bank details, as well as helps ransomware apps extort money from victims. Problem originates due to a new permission called “System_ALERT_WINDOW,” which allows apps to overlap on a device’s screen and top of other apps. Google says it won’t be patched until the release of ‘Android O’ version, scheduled for release in the 3rd quarter this year. Google has been using an automated malware scanner called Bouncer to find malicious apps and prevent them from entering Google Play Store.
Source: https://thehackernews.com/2017/05/android-permissions-vulnerability.html