Glitch SPY: New Android RAT Distributed Through Fake Polish Rental App Targets Users via Accessibility Service Abuse
By Cyble
Summary
Cyble Research Labs identified Glitch SPY, a new Android Remote Access Trojan (RAT) builder platform discovered through an exposed command-and-control admin panel. The malware was distributed via a fake Polish apartment rental website (tutaj-dompl[.]com) targeting users in Poland or Polish expats. Victims who downloaded the fake rental app received the Brokewell Android Loader, which acted as a dropper to install the Glitch SPY payload. The malware heavily abuses Android Accessibility Services to steal credentials, intercept SMS messages, log keystrokes, and exfiltrate device data.
Source
hendryadrian.com
Key quotes
Cyble identified Glitch SPY as an emerging Android RAT/builder platform seen on an exposed C&C admin panel.
The malware was distributed through a fake Polish rental website, tutaj-dompl[.]com, targeting users in Poland or Polish expats.
The downloaded app was the Brokewell Android Loader, which acted as a dropper to install the Glitch SPY payload.
Glitch SPY heavily abuses Android Accessibility Services to steal credentials, intercept SMS messages, log keystrokes, and exfiltrate device data.