Crooks leverage the UsageStatsManager API for evil deeds
http://i1-news.softpedia-static.com/images/fitted/340x180/malware-finds-new-ways-to-bypass-security-controls-on-android-5-0-and-6-0.jpg
Jun 3, 2016 14:35 GMT · By Catalin Cimpanu A week after it revealed how Android malware uses the "target_sdk" attribute to bypass security features on Android Marshmallow (6.0), Symantec is now presenting technical details about two other methods used by crooks to skirt Android's defensive features once again.
As before, the culprits are the Android.Bankosy banking trojan and the Android.Cepsohord click-fraud bot, whose authors are apparently scouring GitHub projects for tricks on how to get a list of active processes (running tasks).
Discovering the list of active tasks is critical to malware creators since it allows them to sniff out the user's current applications and show a malicious phishing overlay on top to collect login credentials.
Full Article