Fake “Cockroach Janta Party” Android App Spreading Dangerous Banking Malware, Warns TraceX Labs

Indian cybersecurity company TraceX Labs has issued a critical security advisory warning Android users about a dangerous malware campaign disguised as a “Cockroach Janta Party” mobile application. The fake app is reportedly being circulated through WhatsApp, Telegram groups, APK-sharing platforms, and malicious download websites.

According to cybersecurity researchers, the application is not an official app but a sophisticated Android Remote Access Trojan (RAT), spyware, and banking malware capable of stealing highly sensitive user data from infected smartphones.

Malware Campaign Exploiting Viral Internet Trend

Researchers revealed that cybercriminals are taking advantage of the viral popularity surrounding the “Cockroach Janta Party” internet trend to trick users into downloading the malicious APK file. Attackers are reportedly using politically themed social engineering tactics and trending online discussions to gain trust and convince users to install the app manually.

TraceX Labs clarified that the real Cockroach Janta Party has no connection to the malware campaign and is itself being impersonated by threat actors.

Malware Spreading Through WhatsApp and Telegram

The advisory states that the fake APK is mainly being distributed through:

  • WhatsApp APK sharing
  • Telegram groups and channels
  • Fake APK download websites
  • Third-party Android app stores
  • Politically themed social engineering campaigns

Researchers found evidence of the malicious file being shared directly in messaging groups under names such as “Cockroach Janta Party.apk”.

Security experts warned that users who install APK files from unofficial sources face significantly higher risks because such apps bypass Google Play Store security protections.

Dangerous Permissions Requested by the Fake App

Once installed, the malware reportedly requests several high-risk Android permissions, including:

  • SMS access
  • Contact permissions
  • Call log access
  • Camera permissions
  • Storage access
  • Accessibility Services permissions

Cybersecurity experts highlighted that Accessibility Services access is especially dangerous because it allows malware to monitor on-screen activity, capture OTPs, bypass security prompts, and secretly interact with banking applications in the background.
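The permission profile described above can be checked in a decoded AndroidManifest.xml before an APK is ever installed. The following is an added example, not code from TraceX Labs or from the analysed sample; the mapping from the advisory's categories to concrete Android permission names is an assumption, and the sample manifest is constructed.

```python
import xml.etree.ElementTree as ET

A = "{http://schemas.android.com/apk/res/android}"  # android: XML namespace

# Advisory category -> Android permission names. The advisory names only the
# categories; this mapping to concrete permissions is an assumption.
CATEGORIES = {
    "sms": {"READ_SMS", "RECEIVE_SMS", "SEND_SMS"},
    "contacts": {"READ_CONTACTS"},
    "call_log": {"READ_CALL_LOG"},
    "camera": {"CAMERA"},
    "storage": {"READ_EXTERNAL_STORAGE", "WRITE_EXTERNAL_STORAGE",
                "MANAGE_EXTERNAL_STORAGE"},
}

# Constructed sample manifest (package and class names are made up).
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.constructed">
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="android.permission.READ_CALL_LOG"/>
  <uses-permission android:name="android.permission.CAMERA"/>
  <uses-permission android:name="android.permission.READ_EXTERNAL_STORAGE"/>
  <application>
    <service android:name=".ExampleService"
        android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE"/>
  </application>
</manifest>"""

def triage_manifest(manifest_xml):
    """Return the advisory's permission categories present in a decoded manifest."""
    root = ET.fromstring(manifest_xml)
    requested = {
        el.get(A + "name", "").rsplit(".", 1)[-1]
        for tag in ("uses-permission", "uses-permission-sdk-23")
        for el in root.iter(tag)
    }
    hits = {cat for cat, perms in CATEGORIES.items() if perms & requested}
    # An accessibility service is not a uses-permission entry: it is a <service>
    # protected by BIND_ACCESSIBILITY_SERVICE that the user enables in Settings.
    if any(s.get(A + "permission", "").endswith(".BIND_ACCESSIBILITY_SERVICE")
           for s in root.iter("service")):
        hits.add("accessibility")
    # SMS access and an accessibility service are both OTP-capture paths in the
    # advisory; seeing them together is the strongest signal in this check.
    return {"categories": sorted(hits),
            "otp_interception_risk": {"sms", "accessibility"} <= hits}

if __name__ == "__main__":
    print(triage_manifest(SAMPLE_MANIFEST))
```

The input is the text form of the manifest, as produced by a decoding tool; the binary manifest inside an APK must be decoded first.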

Advanced Spyware and Banking Malware Features Detected

TraceX Labs conducted a reverse engineering analysis of the APK and discovered multiple spyware-related modules embedded inside the application.

According to the report, the malware is capable of:

  • Intercepting SMS messages and banking OTPs
  • Stealing contacts and call history
  • Monitoring banking apps
  • Collecting files and media from storage
  • Tracking device information
  • Running background surveillance operations
  • Fingerprinting infected devices

Researchers reportedly identified suspicious components such as:

  • AccessibilityServiceStub.smali
  • SmsForward.smali
  • TelegramC2.smali
  • ProcessMonitor.smali

These components indicate advanced credential theft and spying functionality.

Telegram Bot API Used for Command-and-Control Operations

The cybersecurity company also revealed that attackers are using Telegram’s Bot API as command-and-control (C2) infrastructure.

Researchers explained that this method helps malicious traffic blend with legitimate Telegram and HTTPS network traffic, making detection harder during normal monitoring.
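For defenders, Bot API use is still distinguishable from ordinary Telegram web traffic where a proxy logs full URLs, because Bot API calls go to `api.telegram.org` with a `/bot<id>:<secret>/<method>` path. The following detection sketch is an added example, not part of the TraceX Labs report; the five-field log format and every log line are constructed, and the token shown is a placeholder.

```python
import re
from collections import Counter, defaultdict

# Bot API calls have the form https://api.telegram.org/bot<id>:<secret>/<method>
BOT_CALL = re.compile(r"^https://api\.telegram\.org/bot(\d+):[\w-]+/(\w+)")
# Bot API methods that carry message text or files outbound
OUTBOUND = {"sendMessage", "sendDocument", "sendPhoto", "sendVideo", "sendAudio"}

# Constructed proxy log (assumed format): timestamp, source IP, verb, URL, request bytes
SAMPLE_LOG = """\
2026-01-01T10:00:01Z 10.0.0.21 POST https://api.telegram.org/bot1111111111:CONSTRUCTED_token-AAAA/sendMessage 412
2026-01-01T10:00:09Z 10.0.0.21 POST https://api.telegram.org/bot1111111111:CONSTRUCTED_token-AAAA/sendDocument 2097152
2026-01-01T10:00:12Z 10.0.0.34 GET https://web.telegram.org/a/ 0
2026-01-01T10:00:15Z 10.0.0.21 GET https://api.telegram.org/bot1111111111:CONSTRUCTED_token-AAAA/getUpdates 0
2026-01-01T10:00:20Z 10.0.0.50 GET https://example.com/index.html 0
"""

def bot_api_clients(log_text):
    """Summarise Bot API use per source address; the token secret is never kept."""
    seen = defaultdict(lambda: {"bots": set(), "methods": Counter(), "bytes": 0})
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 5 or not fields[4].isdigit():
            continue  # skip lines that do not match the assumed format
        _, src, _, url, size = fields
        match = BOT_CALL.match(url)
        if not match:
            continue  # ordinary traffic, including the Telegram web client
        bot_id, method = match.groups()
        entry = seen[src]
        entry["bots"].add(bot_id)
        entry["methods"][method] += 1
        entry["bytes"] += int(size)
    return [
        {"src": src, "bot_ids": sorted(e["bots"]), "methods": dict(e["methods"]),
         "bytes_out": e["bytes"], "sends_data": bool(OUTBOUND & set(e["methods"]))}
        for src, e in sorted(seen.items())
    ]

if __name__ == "__main__":
    for finding in bot_api_clients(SAMPLE_LOG):
        print(finding)
```

Without TLS inspection only the hostname `api.telegram.org` is visible (DNS or SNI), so the same idea reduces to flagging devices that resolve or connect to that name when no sanctioned bot integration runs on them.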

The spyware can reportedly exfiltrate:

  • SMS messages and OTPs
  • Contacts and call logs
  • Photos and media files
  • Documents stored on the device
  • SIM information
  • Device details
  • Running app information

Experts warned that infected users could become victims of identity theft, banking fraud, unauthorized financial transactions, and serious privacy breaches.

Indian Android Users Main Target

According to TraceX Labs, Indian smartphone users appear to be the primary target of the malware campaign. Researchers reportedly discovered hardcoded references related to India and Reliance Jio within the spyware codebase.

The malware is said to affect Android devices running Android 8 through Android 14 and primarily spreads through side-loaded APK installations outside the Google Play Store ecosystem.

TraceX Labs Shares Safety Recommendations

To stay protected from Android spyware and banking malware, cybersecurity experts advised users to:

  • Download apps only from trusted sources like the Google Play Store
  • Avoid APK files shared via WhatsApp or Telegram
  • Keep Google Play Protect enabled
  • Disable “Install from Unknown Sources”
  • Carefully review app permissions
  • Never grant Accessibility permissions to unknown applications
  • Use authenticator apps instead of SMS-based OTP verification

Users who suspect infection are advised to immediately uninstall suspicious apps, disable Accessibility permissions, reset important passwords using another trusted device, and monitor banking accounts for unusual activity.

TraceX Labs emphasized that cybercriminals are increasingly using viral trends, political branding, and social engineering techniques to target smartphone users, making cybersecurity awareness more important than ever.

Source: https://tracexlabs.com/reports/cockroach-janta-party-malware-threat-report-2026.html

Pradum Shukla (https://xpertkashi.in)
Pradum Shukla is a seasoned journalist and editor at Xpert Kashi. With a keen eye for detail and a passion for uncovering the truth, Pradum has established himself as a trusted voice in the media industry. His dedication to delivering accurate and insightful news has earned him a reputation for excellence in journalism. At Xpert Kashi, Pradum leads a team of talented writers and reporters, guiding them in producing compelling stories that inform and engage the community.
