Fake “Cockroach Janta Party” Android App Flagged as Malware Threat by TraceX Labs
(MENAFN- Ansha Media) Fake “Cockroach Janta Party” Android App Identified as Spyware and Banking Malware, Warns TraceX Labs
Indian cybersecurity company TraceX Labs has issued a public security advisory warning Android users about a dangerous malware campaign involving a fake mobile application distributed under the name “Cockroach Janta Party.apk.”
According to the company’s threat intelligence team, the malicious APK is actively spreading through WhatsApp groups, Telegram channels, APK-sharing communities, and suspicious third-party APK download websites targeting Indian Android users.
Researchers classified the malware as a sophisticated Android spyware, banking trojan, and Remote Access Trojan (RAT) capable of stealing SMS messages, OTPs, contacts, call logs, gallery media, banking-related information, device details, and sensitive personal data from infected smartphones.
The advisory repeatedly clarified that the legitimate “Cockroach Janta Party” movement or political organization has no involvement with the malicious APK and is itself a victim of impersonation and fake branding abuse by cybercriminals.
The investigation reportedly began after researchers at TraceX Labs received an APK file named “Cockroach Janta Party.apk” through WhatsApp and Telegram distribution channels. Initially, the application appeared to be a campaign app associated with a Gen Z political movement, which prompted the researchers to install it on an Android test device and inspect it manually.
According to the report, immediately after installation, the application began requesting an unusually high number of dangerous Android permissions, including:
SMS access
Contacts access
Call logs access
Camera permissions
Storage access
Android Accessibility Service permissions
Researchers stated that the excessive permission requests immediately raised suspicion regarding the legitimacy and intent of the application.
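A manifest triage check of the kind such a permission set calls for, added here as an example and not TraceX Labs' own tooling: it maps a decompiled AndroidManifest.xml onto the permission groups listed above and flags the combination the researchers found suspicious. The sample manifest is constructed to mirror that list, and the "suspicious" threshold is an assumption of this example.

```python
import xml.etree.ElementTree as ET

A = "{http://schemas.android.com/apk/res/android}"  # Android manifest attribute namespace

# Permission groups the advisory lists, mapped to the manifest permissions that grant them.
RISKY_GROUPS = {
    "sms": {"android.permission.READ_SMS", "android.permission.RECEIVE_SMS"},
    "contacts": {"android.permission.READ_CONTACTS"},
    "call_log": {"android.permission.READ_CALL_LOG"},
    "camera": {"android.permission.CAMERA"},
    "storage": {"android.permission.READ_EXTERNAL_STORAGE", "android.permission.READ_MEDIA_IMAGES"},
}
ACCESSIBILITY_BIND = "android.permission.BIND_ACCESSIBILITY_SERVICE"


def triage_manifest(manifest_xml: str) -> dict:
    """Map requested permissions onto the advisory's risk groups and return a verdict."""
    root = ET.fromstring(manifest_xml)
    requested = {p.get(A + "name") for p in root.iter("uses-permission")}
    groups = sorted(g for g, perms in RISKY_GROUPS.items() if requested & perms)
    # An accessibility service is not a uses-permission: it is a <service> the system
    # binds with BIND_ACCESSIBILITY_SERVICE, so look for that declaration instead.
    if any(s.get(A + "permission") == ACCESSIBILITY_BIND for s in root.iter("service")):
        groups.append("accessibility")
    # Heuristic assumed for this example: SMS/OTP access paired with an accessibility
    # service, or four or more risky groups at once, warrants treating the APK as spyware.
    if ("sms" in groups and "accessibility" in groups) or len(groups) >= 4:
        verdict = "suspicious"
    else:
        verdict = "review" if groups else "clean"
    return {"groups": groups, "verdict": verdict}


# Constructed sample manifest reproducing the permission set the advisory describes
# (not the real APK's manifest).
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android">
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="android.permission.READ_CALL_LOG"/>
  <uses-permission android:name="android.permission.CAMERA"/>
  <uses-permission android:name="android.permission.READ_EXTERNAL_STORAGE"/>
  <application>
    <service android:name=".AccessibilityServiceStub"
             android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE">
      <intent-filter>
        <action android:name="android.accessibilityservice.AccessibilityService"/>
      </intent-filter>
    </service>
  </application>
</manifest>"""
```

Run it against the `AndroidManifest.xml` that apktool writes next to the `smali/` tree; a legitimate campaign app should land in "clean" or "review".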
Following the discovery, the TraceX Labs team conducted detailed malware analysis procedures including manual testing, static analysis, runtime behavioral inspection, reverse engineering, APK decompilation, and network traffic monitoring.
The APK was manually decompiled using APKTool to inspect the AndroidManifest.xml file, embedded resources, and Smali source code.
During reverse engineering, researchers identified multiple suspicious modules embedded inside the malware, including:
CallLogs.smali — designed to steal call history and communication metadata
Contacts.smali — used to exfiltrate victim contacts and address books
SmsForward.smali — capable of forwarding OTPs and SMS messages
Gallery.smali — used for stealing gallery photos and screenshots
AccessibilityServiceStub.smali — used for screen monitoring, automated UI interaction, and accessibility abuse
TelegramC2.smali — responsible for command-and-control communication through Telegram infrastructure
Researchers noted that the malware appeared specifically designed for long-term surveillance, credential theft, financial fraud, and real-time victim monitoring.
The investigation also revealed that the malware established multiple HTTPS connections immediately after execution. According to the analysis, the application communicated with:
api.telegram
cockroachjantaparty[.]org
Additional Google-related services allegedly used for traffic masking
One of the most critical findings was the discovery of hardcoded Telegram Bot API credentials embedded directly inside the malware source code, confirming that attackers were using Telegram as a real-time command-and-control (C2) infrastructure for exfiltrating victim data.
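An added example, not TraceX Labs' code, of how a static scan over apktool output can surface the hardcoded Telegram Bot API credentials and C2 method names the advisory describes, while redacting any token before it reaches a report. The smali fragment and the token in it are constructed placeholders, and the token shape (numeric bot id, colon, 30 or more URL-safe characters) is an assumption of this example.

```python
import re
from pathlib import Path

# Telegram Bot API tokens have the shape <numeric bot id>:<secret>. The secret is matched
# as 30+ URL-safe characters, an approximation chosen to err toward flagging.
BOT_TOKEN_RE = re.compile(r"(?<!\d)(\d{6,12}):([A-Za-z0-9_-]{30,})(?![A-Za-z0-9_-])")
TELEGRAM_API_RE = re.compile(r"api\.telegram\.org/bot", re.IGNORECASE)
C2_METHODS = ("sendMessage", "sendDocument", "sendPhoto", "getUpdates")
# Smali string constants look like: const-string v0, "..."  (or const-string/jumbo)
CONST_STRING_RE = re.compile(r'const-string(?:/jumbo)?\s+[vp]\d+,\s*"((?:[^"\\]|\\.)*)"')


def redact(match) -> str:
    """Keep enough of a token to correlate samples without recording a usable secret."""
    bot_id, secret = match.group(1), match.group(2)
    return f"{bot_id}:{secret[:4]}...{secret[-2:]}"


def scan_smali_text(text: str, source: str = "<memory>") -> list:
    """Return (source, line, indicator, detail) tuples for Telegram C2 indicators."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        m = CONST_STRING_RE.search(line)
        if not m:
            continue
        value = m.group(1)
        safe = BOT_TOKEN_RE.sub(redact, value)  # never copy a live token into a report
        for tok in BOT_TOKEN_RE.finditer(value):
            findings.append((source, lineno, "hardcoded_bot_token", redact(tok)))
        if TELEGRAM_API_RE.search(value):
            findings.append((source, lineno, "telegram_bot_api_url", safe[:64]))
        for method in C2_METHODS:
            if method in value:
                findings.append((source, lineno, "telegram_method", method))
    return findings


def scan_smali_tree(root: str) -> list:
    """Walk an apktool output directory and scan every .smali file."""
    findings = []
    for path in Path(root).rglob("*.smali"):
        findings.extend(scan_smali_text(path.read_text(errors="replace"), str(path)))
    return findings


# Constructed smali fragment in the shape of the TelegramC2 module the advisory names;
# the token is a placeholder, not one recovered from the real sample.
SAMPLE_SMALI = """\
.method private send()V
    const-string v0, "https://api.telegram.org/bot123456789:AAEx4mpl3T0k3nSecretValue_1234567890ab/sendDocument"
    const-string/jumbo v2, "getUpdates"
.end method
"""
```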
According to the report, the malware was capable of stealing:
SMS messages and OTPs
Call logs and communication history
Contacts and phone numbers
SIM card information
Device identifiers and hardware information
Gallery photos and screenshots
Banking-related application activity
Local network information
Files stored on the device
Researchers warned that attackers are increasingly using politically viral content, meme culture, and social engineering campaigns to trick Gen Z users into installing malicious Android APKs outside trusted app stores.
Santhosh Kumar stated that the application immediately raised suspicion due to the volume of sensitive permissions requested during installation.
Kiran Singh Rajpurohit added that WhatsApp forwarding chains and Telegram groups are increasingly becoming major malware distribution vectors targeting Indian smartphone users.
The report highlighted the dangers of granting Accessibility permissions to unknown applications. According to researchers, Accessibility access can allow malicious apps to:
Read on-screen content
Capture OTPs and passwords
Monitor user activity
Interact with banking applications
Perform automated actions
Bypass Android security prompts
Researchers stated that, combined with the SMS and camera permissions, this Accessibility access gave the application a profile strongly resembling Android surveillance malware and banking trojan behavior.
The report also explained that Telegram-based command-and-control systems, commonly referred to as “TelegramC2,” are increasingly being used by cybercriminals because Telegram traffic appears legitimate and HTTPS encryption helps attackers evade traditional detection systems.
Researchers advised Android users to immediately uninstall the application if found installed on their devices, disable suspicious Accessibility Services, reset banking passwords using another trusted device, and monitor bank accounts for suspicious activity.
The advisory further recommended that users:
Install applications only from the Google Play Store
Keep Google Play Protect enabled
Review application permissions carefully
Avoid APKs shared through WhatsApp or Telegram
Never grant Accessibility permissions to unknown apps
According to TraceX Labs, the fake “Cockroach Janta Party.apk” campaign demonstrates how cybercriminals are increasingly exploiting viral political trends and online movements as social engineering tools to distribute spyware and banking malware at scale.
The reverse engineering, infrastructure investigation, spyware analysis, and malware attribution work related to the fake CJP APK campaign were conducted internally by the TraceX Labs research team, including Ashib Mansoori, Kiran Singh Rajpurohit, and Santhosh Kumar.