Overlays are often used in Android malware.
They are actually a burden to other domains such as browser extensions. This research, by Marek Toth, shows how click jacking [on hidden overlays] can trick the end-user in sharing his/her entire password manager.
https://marektoth.com/blog/dom-based-extension-clickjacking/#detection
If you prefer to read a curated version in French: https://infosec.exchange/@nono2357/115065609716393905
