This Android flaw is ‘used by most ransomware’. But Google won’t fix it until Android O
The two newest versions of Android are vulnerable to a permissions feature being exploited by ransomware and banking malware.
Security firm Check Point has examined Android’s permission model and discovered it contains an odd bug that has become a favorite tool for ransomware, adware, and banking trojans to hijack victims’ screens with phishing pages and extortion demands.
This problem stems from an extremely sensitive permission in Android 6.0 Marshmallow, the most widely used version of Android, called SYSTEM_ALERT_WINDOW. The permission allows an app to create windows that overlay all other apps.