Glitch SPY RAT Targets Android Users via Fraudulent Rental Platform

Glitch SPY RAT Targets Android Users via Fraudulent Rental Platform

First seen 1 Jul 2026, 21:05 UTC GbhackersZimperiumcyble.com 86% similarity 74.0
Share:

Article Content

Browse articles
ThreatCluster

A new Android Remote Access Trojan (RAT) named Glitch SPY has emerged, exploiting a fraudulent Polish housing rental website to distribute a malicious APK. This malware, delivered through the Brokewell Android Loader, abuses the Android Accessibility Service to gain full control over infected devices. Once installed, Glitch SPY establishes a persistent connection to its command-and-control server, allowing the attackers to execute over 70 commands remotely. Zimperium has confirmed that their Mobile Threat Defense solutions can detect both the dropper and the Glitch SPY payload without requiring updates. The attack primarily targets Android users who unknowingly sideload the malicious application. Current reports indicate that Zimperium clients are protected against this threat, highlighting the importance of mobile security solutions. The malware's modular architecture allows for rapid customization and distribution across various campaigns.

Key Points: • Glitch SPY RAT exploits a fraudulent Polish rental site to distribute malware. • The malware uses Android Accessibility Service for full device control and surveillance. • Zimperium's Mobile Threat Defense offers out-of-the-box protection against Glitch SPY.

ThreatCluster AI

Timeline

2026-07-01
Glitch SPY RAT reported
Cyble reported the emergence of Glitch SPY, a new Android RAT using a fake rental platform to distribute malware.
Zimperium
2026-07-01
Zimperium confirms protection
Zimperium announced that its Mobile Threat Defense can detect Glitch SPY and its dropper without updates.
Zimperium
2026-07-01
Glitch SPY's capabilities detailed
The malware can execute over 70 commands once installed, indicating a high level of control for attackers.
Gbhackers

Community

Browse all →