Tuesday, 02 January 2024 12:17 GMT

TraceX Labs Warns About Fake “Cockroach Janta Party” Android Malware Campaign Targeting Indian Users


(MENAFN- Ansha Media) Indian cybersecurity startup TraceX Labs has released a detailed threat intelligence report warning Android users about a dangerous malware campaign spreading through a fake mobile application named “Cockroach Janta Party.apk.”

According to the company, the malicious APK is being circulated through WhatsApp forwarding chains, Telegram groups, APK-sharing platforms, and suspicious third-party download websites. Researchers warned that attackers are exploiting the viral popularity of the “Cockroach Janta Party” trend to socially engineer Gen Z users into installing malware on their Android devices.

The company clarified that the legitimate Cockroach Janta Party movement or organization has no connection to the malware campaign and is itself a victim of impersonation and fake branding abuse by cybercriminals.

TraceX Labs classified the APK as a sophisticated Android spyware, banking trojan, and Remote Access Trojan (RAT) capable of stealing sensitive user data from infected smartphones.

According to the report, the malware can allegedly access:

SMS messages and OTPs
Contacts and call logs
Banking-related information
Device details and identifiers
Gallery photos and screenshots
Stored files and media
Running application information

The investigation reportedly began after researchers received the APK sample through WhatsApp and Telegram channels. Initially, the application appeared to be related to a Gen Z political movement, prompting researchers to manually inspect and analyze the APK inside a controlled Android testing environment.

Researchers stated that immediately after installation, the application requested multiple dangerous Android runtime permissions and prompted the user to enable its Accessibility Service. The requested access covered:

SMS access
Contacts access
Call log access
Camera permissions
Storage permissions
Accessibility Service access (granted through Settings rather than a runtime permission prompt)

The unusually high number of sensitive permissions quickly raised suspicion regarding the legitimacy and purpose of the application.

Following the discovery, the TraceX Labs team conducted reverse engineering, static analysis, runtime behavioral inspection, APK decompilation, and network traffic monitoring to understand the malware’s functionality.

The APK was decoded with APKTool to inspect the AndroidManifest.xml configuration file (requested permissions, declared services and receivers, exported components), the application resources, and the Smali disassembly of the Dalvik bytecode.
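The manifest inspection described above can be scripted so that the permission profile is scored rather than eyeballed. The following is an added example written for this article, not TraceX Labs' tooling: it parses a decoded AndroidManifest.xml of the kind `apktool d` produces, lists the dangerous and special permissions, and separately flags two declarations the text singles out, a service bound with BIND_ACCESSIBILITY_SERVICE and a receiver registered for incoming SMS. Both manifests in the block are constructed for the example; the package names and component names are invented.

```python
"""Triage a decoded AndroidManifest.xml for spyware-style permission profiles.
Example code for this article, not TraceX Labs' tooling. Manifests below are
constructed; package and component names are invented."""
import json
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"


def a(attr):
    """Qualify an android:-namespaced attribute name for ElementTree."""
    return f"{{{ANDROID_NS}}}{attr}"


# Runtime permissions Android classifies as "dangerous" that matter for
# SMS/OTP theft, contact and call-log harvesting, and media extraction.
DANGEROUS = {
    "android.permission.READ_SMS", "android.permission.RECEIVE_SMS",
    "android.permission.SEND_SMS", "android.permission.READ_CONTACTS",
    "android.permission.READ_CALL_LOG", "android.permission.CAMERA",
    "android.permission.READ_EXTERNAL_STORAGE",
    "android.permission.WRITE_EXTERNAL_STORAGE",
    "android.permission.READ_MEDIA_IMAGES", "android.permission.RECORD_AUDIO",
}
# "Special" permissions granted through Settings, common in overlay/dropper malware.
SPECIAL = {"android.permission.SYSTEM_ALERT_WINDOW",
           "android.permission.REQUEST_INSTALL_PACKAGES"}

# Constructed manifest with the profile the report describes.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.cjp">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="android.permission.READ_CALL_LOG"/>
  <uses-permission android:name="android.permission.CAMERA"/>
  <uses-permission android:name="android.permission.READ_EXTERNAL_STORAGE"/>
  <application android:label="Cockroach Janta Party">
    <receiver android:name=".SmsReceiver" android:exported="true">
      <intent-filter android:priority="999">
        <action android:name="android.provider.Telephony.SMS_RECEIVED"/>
      </intent-filter>
    </receiver>
    <service android:name=".A11yService"
             android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE"
             android:exported="true">
      <intent-filter>
        <action android:name="android.accessibilityservice.AccessibilityService"/>
      </intent-filter>
    </service>
  </application>
</manifest>"""

# Constructed benign manifest for contrast: network access only.
BENIGN_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.news">
  <uses-permission android:name="android.permission.INTERNET"/>
  <application android:label="News"/>
</manifest>"""


def triage_manifest(xml_text):
    """Return the permission profile and a simple additive risk score."""
    root = ET.fromstring(xml_text)
    perms = {el.get(a("name")) for el in root.iter("uses-permission")}
    findings = {
        "package": root.get("package"),
        "dangerous_permissions": sorted(perms & DANGEROUS),
        "special_permissions": sorted(perms & SPECIAL),
        "accessibility_services": [],
        "sms_receivers": [],
    }
    # An accessibility service is a <service> the system binds with this permission.
    for svc in root.iter("service"):
        if svc.get(a("permission")) == "android.permission.BIND_ACCESSIBILITY_SERVICE":
            findings["accessibility_services"].append(svc.get(a("name")))
    # A receiver for SMS_RECEIVED is what an OTP-forwarding module hangs off.
    for rcv in root.iter("receiver"):
        actions = {act.get(a("name")) for act in rcv.iter("action")}
        if "android.provider.Telephony.SMS_RECEIVED" in actions:
            findings["sms_receivers"].append(rcv.get(a("name")))
    sms_perms = {"android.permission.READ_SMS", "android.permission.RECEIVE_SMS"} & perms
    findings["otp_theft_capable"] = bool(sms_perms) or bool(findings["accessibility_services"])
    # Weights are arbitrary and chosen for this example: accessibility abuse and
    # SMS interception count for more than a single dangerous permission.
    findings["risk_score"] = (len(findings["dangerous_permissions"])
                              + 2 * len(findings["special_permissions"])
                              + 3 * len(findings["accessibility_services"])
                              + 2 * len(findings["sms_receivers"]))
    return findings


if __name__ == "__main__":
    for m in (SAMPLE_MANIFEST, BENIGN_MANIFEST):
        print(json.dumps(triage_manifest(m), indent=2))
```

Run it over the `AndroidManifest.xml` in the apktool output directory; a package that asks for nothing beyond INTERNET scores zero, while the profile above lights up on both the SMS receiver and the accessibility binding, which is the combination the report treats as the strongest signal.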

During reverse engineering, researchers identified several suspicious modules allegedly linked to spyware and surveillance behavior, including components designed for:

SMS forwarding
Call history theft
Contact harvesting
Gallery media extraction
Accessibility abuse
Telegram-based command-and-control communication

The report stated that one of the most concerning findings involved the use of Telegram infrastructure as a real-time command-and-control (C2) system. According to researchers, the malware established background HTTPS connections to the Telegram Bot API and allegedly used a bot token embedded in the application to transmit stolen information. A token hard-coded in the APK can be recovered by static analysis and treated as an indicator of this specific operator.

Researchers also observed network communication involving:

api.telegram
cockroachjantaparty[.]org
Additional Google-related services allegedly used for traffic masking

According to the advisory, attackers increasingly use Telegram because the traffic goes to a widely used, legitimate service over TLS: the destination looks like ordinary Telegram use, and the bot token and stolen content are hidden from content inspection. The hostname remains visible in DNS and in the TLS SNI, so defenders can still alert on Telegram API traffic from devices or networks where Telegram is not expected.
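Since the bot token and API calls are string constants in the decompiled code, the C2 indicators can be pulled out statically before any traffic is observed. The following is an added example written for this article, not TraceX Labs' tooling: it scans Smali (or any decompiled text) for Telegram bot tokens, the Bot API methods called, and likely chat IDs, and classifies the channel as two-way C2 when the code both pulls tasking (getUpdates) and pushes data (send* methods). The Smali fragment is constructed and the token in it is fake.

```python
"""Extract Telegram bot C2 indicators from decompiled Smali text.
Example code for this article, not TraceX Labs' tooling. The Smali below is
constructed and the bot token it contains is fake."""
import re

# A Telegram bot token is "<numeric bot id>:<35-char secret>". The lookarounds
# stop a longer number or identifier from being mistaken for one.
TOKEN_RE = re.compile(r"(?<!\d)(\d{8,10}):([A-Za-z0-9_-]{35})(?![A-Za-z0-9_-])")
# Bot API URLs have the shape api.telegram.org/bot<token>/<method>.
METHOD_RE = re.compile(r"api\.telegram\.org/bot[^/\s\"]+/([A-Za-z]+)")
# Chat IDs are numeric string constants; supergroup IDs carry a leading minus.
CHAT_ID_RE = re.compile(r'const-string [vp]\d+, "(-?\d{6,14})"')

# Methods that push data out versus methods that fetch operator commands.
EXFIL_METHODS = {"sendMessage", "sendDocument", "sendPhoto", "sendVideo"}
TASKING_METHODS = {"getUpdates", "setWebhook"}

SAMPLE_SMALI = '''
.method private exfil(Ljava/lang/String;)V
    const-string v0, "https://api.telegram.org/bot1234567890:AAE3kVQxq7fP2dLm9sHtB8nRyC4wZeG0oJi/sendMessage"
    const-string v1, "chat_id"
    const-string v2, "-1001234567890"
    const-string v3, "https://www.google.com/generate_204"
.end method
.method private poll()V
    const-string v0, "https://api.telegram.org/bot1234567890:AAE3kVQxq7fP2dLm9sHtB8nRyC4wZeG0oJi/getUpdates"
    const-string v1, "https://api.telegram.org/bot1234567890:AAE3kVQxq7fP2dLm9sHtB8nRyC4wZeG0oJi/sendDocument"
.end method
'''


def extract_telegram_c2(text):
    """Return tokens, methods, chat IDs and a verdict on how the bot is used."""
    tokens = sorted({f"{bot_id}:{secret}" for bot_id, secret in TOKEN_RE.findall(text)})
    methods = sorted(set(METHOD_RE.findall(text)))
    chat_ids = sorted(set(CHAT_ID_RE.findall(text)))
    exfil = bool(set(methods) & EXFIL_METHODS)
    tasking = bool(set(methods) & TASKING_METHODS)
    if exfil and tasking:
        verdict = "two-way C2 (tasking + exfiltration)"
    elif exfil:
        verdict = "exfiltration channel only"
    elif tokens:
        verdict = "bot token present, usage unclear"
    else:
        verdict = "no Telegram bot indicators"
    return {
        "bot_ids": sorted({t.split(":")[0] for t in tokens}),
        "tokens": tokens,
        "methods": methods,
        "chat_ids": chat_ids,
        "verdict": verdict,
    }


def redact(token):
    """Shorten a token for a report so the secret is not republished whole."""
    bot_id, secret = token.split(":", 1)
    return f"{bot_id}:{secret[:4]}...{secret[-4:]}"


if __name__ == "__main__":
    report = extract_telegram_c2(SAMPLE_SMALI)
    report["tokens"] = [redact(t) for t in report["tokens"]]
    print(report)
```

Point it at the concatenated `.smali` files (or `res/values/strings.xml`) from the apktool output. The bot ID is the durable indicator; the operator can rotate the secret but keeps the same bot. Do not exercise a recovered token from an analysis machine outside an isolated environment and your organisation's rules of engagement, since every call tells the operator the sample is being examined.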

Santhosh Kumar stated that the application immediately appeared suspicious because of the large number of highly sensitive permissions requested during installation.

Kiran Singh Rajpurohit warned that cybercriminals are increasingly leveraging viral political trends, meme culture, and WhatsApp sharing chains to distribute Android spyware and banking malware targeting Indian users.

The report highlighted Android Accessibility Service access as one of the biggest security concerns during the investigation. Researchers explained that an enabled Accessibility Service may allow a malicious application to:

Read on-screen content
Capture OTPs and passwords
Monitor user activity
Interact with banking applications
Perform automated actions
Bypass security prompts

Combined with camera, SMS, and storage permissions, researchers stated that the APK strongly resembled Android surveillance malware and financial trojan behavior.

The advisory urged users to avoid installing APK files received through WhatsApp, Telegram, or unofficial download websites. Users were advised to install applications only from trusted sources such as the Google Play Store and to carefully review application permissions before installation.

TraceX Labs also recommended that users immediately uninstall the application if detected on their devices, disable any suspicious Accessibility Services (under Settings > Accessibility), change banking passwords from a trusted device, and monitor financial accounts for suspicious activity.

According to the report, the fake “Cockroach Janta Party.apk” campaign demonstrates how cybercriminals are increasingly weaponizing viral internet trends and political branding for malware distribution and social engineering operations targeting Android users across India.

The malware analysis, reverse engineering, infrastructure investigation, and threat intelligence research were conducted internally by the TraceX Labs research team, including Ashib Mansoori, Kiran Singh Rajpurohit, and Santhosh Kumar.

