All Topics
All Topics
Technology
Technology
AI
AI
Business
Business
Entertainment
Entertainment
News
News
Programming
Programming
Security
Security
Science
Science
Design
Design
Environment
Environment
Finance
Finance
Crypto
Crypto
Politics
Politics
Sports
Sports
Education
Education
Gaming
Gaming
Art
Art
Music
Music
Health
Health
Books
Books
Food
Food
Travel
Travel
Personal
Personal
Bluesky
Twitter

Glitch SPY: New Android RAT Distributed Through Fake Polish Rental App Targets Users via Accessibility Service Abuse

By

Cyble

3h ago· 4 min readenNews

Summary

Cyble Research Labs identified Glitch SPY, a new Android Remote Access Trojan (RAT) builder platform discovered through an exposed command-and-control admin panel. The malware was distributed via a fake Polish apartment rental website (tutaj-dompl[.]com) targeting users in Poland or Polish expats. Victims who downloaded the fake rental app received the Brokewell Android Loader, which acted as a dropper to install the Glitch SPY payload. The malware heavily abuses Android Accessibility Services to steal credentials, intercept SMS messages, log keystrokes, and exfiltrate device data.

Source

bskyGlitch SPY: New Android RAT Distributed Through Fake Polish Rental App Targets Users via Accessibility Service Abusehendryadrian.com

Key quotes

· 4 pulled
Cyble identified Glitch SPY as an emerging Android RAT/builder platform seen on an exposed C&C admin panel.
The malware was distributed through a fake Polish rental website, tutaj-dompl[.]com, targeting users in Poland or Polish expats.
The downloaded app was the Brokewell Android Loader, which acted as a dropper to install the Glitch SPY payload.
Glitch SPY heavily abuses Android Accessibility Services to steal credentials, intercept SMS messages, log keystrokes, and exfiltrate device data.
Snippet from the RSS feed
Cyble Research and Intelligence Labs uncovered Glitch SPY, an emerging Android malware family distributed through a fake Polish apartment rental website that tricks users into downloading an APK. The platform abuses Android Accessibility Se...

You might also wanna read

Glassworm Threat Actor Returns with Unicode-Based Supply Chain Attacks on GitHub, npm, and VS Code

The Glassworm threat actor has returned with a new wave of supply chain attacks using invisible Unicode characters to compromise software re

aikido.dev·3mo ago

Exploiting CVE-2024-50264: Using Kernel-Hack-Drill to Overcome Linux Kernel Vulnerability Challenges

This technical article details the exploitation of CVE-2024-50264, a challenging Linux kernel vulnerability that won the Pwnie Award 2025 fo

a13xp0p0v.github.io·10mo ago

Pixnapping: New Android Security Attack Steals Data from Apps and Websites

Pixnapping is a new class of Android security attacks that enables malicious apps to stealthily leak information from other apps and website

pixnapping.com·8mo ago

Critical RCE vulnerability CVE-2026-3854 discovered in GitHub's internal git infrastructure

Wiz Research discovered a critical vulnerability (CVE-2026-3854) in GitHub's internal git infrastructure affecting both GitHub.com and GitHu

Wiz.io·2mo ago

Critical BLE Vulnerability Allows Root-Level Takeover of Unitree Robots

Security researchers disclosed a critical Bluetooth Low Energy (BLE) vulnerability in Unitree robots (Go2, B2, G1, H1) on 20 September. The

spectrum.ieee.org·9mo ago

Technical Discussion: The Ongoing Battle Between Android Modders and Google's PlayIntegrity Security

This article discusses the ongoing technical battle between Google and developers/users trying to bypass PlayIntegrity checks on Android dev

xdaforums.com·5mo ago

Comments

Sign in to join the conversation.

No comments yet. Be the first.