Cockroach Janta Party: Beware of a Dangerous Android Malware

The “Cockroach Janta Party” APK is spreading across India through WhatsApp, Telegram groups, and fake APK download websites. Cybersecurity experts warned that infected users may face identity theft, banking fraud, financial loss, unauthorized transactions, account compromise, and severe privacy risks.
By Santosh Kumar
A dangerous Android malware campaign disguised as the “Cockroach Janta Party” APK is spreading across India through WhatsApp, Telegram groups, and fake APK download websites, according to a detailed threat intelligence report published by TraceX Labs.

Cybersecurity researchers have classified the threat as “CRITICAL,” warning that the malicious application is capable of stealing OTPs, SMS messages, contacts, banking-related information, media files, and sensitive user data directly from infected Android smartphones.
The malware campaign appears to exploit the viral popularity of the online “Cockroach Janta Party” movement and related meme culture discussions to trick Android users into manually downloading malicious APK files outside the Google Play Store.
According to the report, attackers are distributing the malware through WhatsApp APK sharing, Telegram groups, fake “Join Party” invitation links, and third-party APK distribution websites. Researchers warned that many users may falsely believe the application is an official campaign or membership app associated with the viral online movement.
Once installed, the fake APK reportedly requests several highly dangerous Android permissions, including SMS access, contacts access, call logs, camera access, external storage access, and Android Accessibility Services.

Cybersecurity experts say the Accessibility permission is particularly dangerous because it allows the malware to read content displayed on the screen, including OTPs, passwords, and banking information.
The malware can also reportedly perform automated screen clicks, bypass Android security warnings, and silently control infected devices in the background.
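The permission combination described above can be checked before installation by inspecting an APK's decoded AndroidManifest.xml. The following is an added example, not code from TraceX Labs or the original article; the mapping from the report's categories to Android permission strings, the function name `triage_manifest`, and the sample manifest (package `com.example.partyapp`) are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"
BIND_A11Y = "android.permission.BIND_ACCESSIBILITY_SERVICE"

# Assumed mapping from the report's permission categories to Android permission strings.
REPORTED_GROUPS = {
    "sms": {"android.permission.READ_SMS", "android.permission.RECEIVE_SMS"},
    "contacts": {"android.permission.READ_CONTACTS"},
    "call_logs": {"android.permission.READ_CALL_LOG"},
    "camera": {"android.permission.CAMERA"},
    "storage": {"android.permission.READ_EXTERNAL_STORAGE",
                "android.permission.WRITE_EXTERNAL_STORAGE"},
}

def triage_manifest(manifest_xml):
    """Summarise which reported permission groups a decoded manifest requests."""
    root = ET.fromstring(manifest_xml)
    requested = set()
    for tag in ("uses-permission", "uses-permission-sdk-23"):
        requested |= {e.get(ANDROID + "name") for e in root.iter(tag)}
    groups = sorted(g for g, perms in REPORTED_GROUPS.items() if perms & requested)
    # An accessibility service is a <service> protected by BIND_ACCESSIBILITY_SERVICE.
    a11y = sorted(s.get(ANDROID + "name", "") for s in root.iter("service")
                  if s.get(ANDROID + "permission") == BIND_A11Y)
    return {
        "package": root.get("package"),
        "groups": groups,
        "accessibility_services": a11y,
        # Screen reading plus SMS access is the OTP-theft combination the article describes.
        "high_risk": bool(a11y) and "sms" in groups,
    }

# Constructed sample manifest, not taken from the real APK.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.partyapp">
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="android.permission.READ_CALL_LOG"/>
  <uses-permission android:name="android.permission.INTERNET"/>
  <application>
    <service android:name=".HelperService" android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE"/>
  </application>
</manifest>"""

if __name__ == "__main__":
    print(triage_manifest(SAMPLE_MANIFEST))
```

A `high_risk` result is a prompt for manual review, not a verdict: legitimate accessibility tools also declare such a service, which is why the check pairs it with SMS access.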
TraceX Labs researchers conducted reverse engineering and malware analysis on the APK and discovered multiple spyware modules embedded inside the application. According to the report, the malware contains components linked to OTP interception, SMS forwarding, contact harvesting, call history theft, media theft, file collection, device fingerprinting, and Telegram-based command-and-control communication.
The investigation also found that the malware uses Telegram Bot API infrastructure to exfiltrate stolen information through encrypted HTTPS traffic. Researchers noted that this technique allows malicious traffic to blend with legitimate Telegram and Google services, making detection significantly harder.

The report suggests that Indian Android users are the primary targets of the campaign. Researchers reportedly discovered hardcoded references related to India and Reliance Jio within the malware source code.
Cybersecurity experts warned that infected users may face identity theft, banking fraud, financial loss, unauthorized transactions, account compromise, and severe privacy risks.
The malware campaign emerged alongside controversy surrounding the Cockroach Janta Party movement after claims surfaced online alleging that the group’s website had been taken down by the government. However, technical analysis of the website’s DNS and domain records reportedly indicates that the domain entered a “clientHold” status, which generally reflects registrar-level or hosting-related actions rather than government censorship.
Experts explained that government website blocking in India is usually implemented through ISP-level filtering, while the Cockroach Janta Party domain reportedly became inaccessible worldwide through NXDOMAIN responses, suggesting a different technical cause.
Researchers emphasized that the incident highlights how viral online trends, meme culture, and politically themed social media campaigns are increasingly being exploited by cybercriminals to spread malware and conduct phishing operations.

TraceX Labs has advised Android users to avoid installing APK files received through WhatsApp, Telegram, or unofficial websites. Security experts also recommended downloading applications only from trusted sources such as the Google Play Store, keeping Google Play Protect enabled, carefully reviewing app permissions, and never granting Accessibility permissions to unknown applications.
Users who suspect infection have been advised to immediately uninstall suspicious apps, revoke Accessibility permissions, reset passwords from another trusted device, and monitor banking accounts for unauthorized activity.
The complete 33-page threat intelligence report published by TraceX Labs includes reverse engineering findings, Indicators of Compromise (IOCs), malware hashes, Telegram infrastructure analysis, and network traffic evidence related to the campaign.
Courtesy countercurrents.org