A theoretical attack described by security researchers at the start of September has been integrated into a live malware distribution campaign for the first time. The technique disclosed in September is referred to as the Toast Overlay Attack and describes a way to use toast notifications to overlay content on top of other apps without malware needing access to the “Draw on top”” special permission. Google has also removed the two apps infected with ToastAmigo from the Google Play Store. ToastAmigo
Source: security