TraceX Labs has released a major public security advisory warning Android users about a dangerous spyware campaign involving a fake “Cockroach Janta Party” malware APK. According to cybersecurity researchers, the malicious Android application is actively spreading through WhatsApp, Telegram channels, and unofficial APK download platforms in an attempt to infect devices and steal sensitive user information.
The report identifies the fake application as a sophisticated Android Remote Access Trojan (RAT) and spyware capable of intercepting OTPs, monitoring device activity, stealing contacts and messages, collecting stored files, and silently surveilling infected smartphones. Researchers classified the malware threat level as CRITICAL due to its extensive spying capabilities and abuse of Android accessibility features.
Cybersecurity analysts warn that Android spyware campaigns are becoming increasingly sophisticated as attackers combine social engineering tactics with unofficial APK distribution methods to target users at scale.
Malware Campaign Spreading Through WhatsApp and Telegram
According to the TraceX Labs investigation, the fake “Cockroach Janta Party” malware APK is spreading through multiple distribution channels, including:
- WhatsApp APK file sharing
- Telegram groups and channels
- Fake Android app download pages
- Third-party APK distribution websites
- Social engineering campaigns
Researchers explained that attackers are leveraging politically themed branding and trending public topics to gain user trust and encourage victims to manually install the APK on their Android devices.
Because the malware is distributed outside official app stores, users are typically required to enable Android’s “Install from Unknown Sources” setting, bypassing normal Google Play security protections.
The report notes that unofficial APK downloads shared through messaging platforms remain one of the largest infection vectors for Android malware operations targeting mobile users in India.
Dangerous Android Permissions Requested
One of the most serious findings highlighted in the advisory is the extensive set of dangerous Android permissions requested by the malware once installed.
The fake “Cockroach Janta Party” malware APK reportedly requests access to:
- SMS messages
- Contacts
- Call logs
- Camera
- Device storage
- Accessibility services
Security researchers warn that granting these permissions could provide attackers with broad control over the infected device and allow access to highly sensitive user information.
TraceX Labs specifically identified abuse of Android Accessibility Services as one of the malware’s most dangerous capabilities. According to researchers, if users enable accessibility permissions, the spyware may gain the ability to:
- Read on-screen content including OTPs and passwords
- Capture banking-related information
- Perform automated clicks and gestures
- Interact with applications silently in the background
- Bypass Android security warnings
- Monitor user activity continuously
Cybersecurity experts say accessibility abuse has become increasingly common among Android banking trojans and spyware because it allows attackers to monitor and manipulate user activity without requiring advanced exploits or rooting the device.
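The permission list and the accessibility-service abuse described above can be checked statically before an APK is ever installed. The following is an added example, not code from the TraceX Labs report or this article: it reads a decoded (text) AndroidManifest.xml and flags the advisory's permission categories plus any declared accessibility service. The manifest, package name and service name are constructed for illustration; the permission and action strings are the standard Android ones.

```python
import xml.etree.ElementTree as ET

A = "{http://schemas.android.com/apk/res/android}"  # android: attribute namespace
# Advisory category -> standard Android permissions that grant it.
CATEGORIES = {
    "SMS messages": {"android.permission.READ_SMS", "android.permission.RECEIVE_SMS"},
    "Contacts": {"android.permission.READ_CONTACTS"},
    "Call logs": {"android.permission.READ_CALL_LOG"},
    "Camera": {"android.permission.CAMERA"},
    "Device storage": {"android.permission.READ_EXTERNAL_STORAGE",
                       "android.permission.WRITE_EXTERNAL_STORAGE"},
}
BIND_A11Y = "android.permission.BIND_ACCESSIBILITY_SERVICE"
A11Y_ACTION = "android.accessibilityservice.AccessibilityService"

# Constructed sample manifest (hypothetical package and service names).
SAMPLE = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.constructed">
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="android.permission.READ_CALL_LOG"/>
  <uses-permission android:name="android.permission.CAMERA"/>
  <application>
    <service android:name=".HelperService"
        android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE">
      <intent-filter>
        <action android:name="android.accessibilityservice.AccessibilityService"/>
      </intent-filter>
    </service>
  </application>
</manifest>"""

def triage_manifest(xml_text):
    root = ET.fromstring(xml_text)
    requested = {e.get(A + "name") for e in root.iter("uses-permission")}
    hits = sorted(c for c, perms in CATEGORIES.items() if perms & requested)
    # Accessibility service: a <service> bound by BIND_ACCESSIBILITY_SERVICE with the a11y action.
    a11y = []
    for svc in root.iter("service"):
        actions = {a.get(A + "name") for a in svc.iter("action")}
        if svc.get(A + "permission") == BIND_A11Y and A11Y_ACTION in actions:
            a11y.append(svc.get(A + "name"))
    if a11y:
        hits.append("Accessibility services")
    return {"package": root.get("package"), "categories": hits,
            "accessibility_services": a11y,
            "otp_exposure": bool(a11y) or "SMS messages" in hits}

if __name__ == "__main__":
    print(triage_manifest(SAMPLE))
```

The `otp_exposure` flag is set when either SMS access or an accessibility service is present, the two routes to OTPs that the advisory names.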
Reverse Engineering Reveals Advanced Spyware Features
TraceX Labs conducted a detailed reverse engineering investigation of the APK using Android malware analysis and decompilation tools.
The analysis uncovered multiple embedded spyware modules inside the fake “Cockroach Janta Party” application, including components capable of:
- SMS interception and OTP forwarding
- Contact theft
- Call history extraction
- Device fingerprinting
- Gallery and media theft
- File collection from storage
- Process and application monitoring
- Network activity monitoring
- Background surveillance operations
Researchers noted that the malware appears specifically engineered for long-term surveillance, credential theft, and financial fraud operations rather than simple adware or spam activity.
The report also revealed that the spyware continuously communicates with remote infrastructure while blending malicious traffic with legitimate encrypted internet activity, making detection more difficult during normal network monitoring.
Network Analysis Shows Active Data Exfiltration
During behavioral and network traffic analysis, researchers observed the malware actively transmitting sensitive information from infected Android devices. According to the report, the spyware can exfiltrate:
- SMS messages and OTPs
- Contacts and call logs
- Device identifiers
- Photos and media files
- Stored documents
- SIM-related information
- Running application data
TraceX Labs warned that these capabilities could expose victims to identity theft, banking fraud, unauthorized account access, social media compromise, and serious privacy violations.
Researchers also noted that the malware establishes encrypted connections and attempts to blend malicious traffic with legitimate internet services to avoid detection.
Security Recommendations From TraceX Labs
The cybersecurity firm advised Android users to follow strict mobile security practices to reduce the risk of infection.
Recommendations include:
- Install applications only from trusted app stores
- Avoid APK files shared through WhatsApp or Telegram
- Keep Google Play Protect enabled
- Carefully review app permissions before granting access
- Never enable accessibility permissions for unknown applications
- Use authenticator apps instead of SMS-based OTP authentication whenever possible
Users who suspect infection are advised to immediately uninstall suspicious applications, revoke accessibility permissions, reset important passwords using another trusted device, and monitor banking activity for unauthorized transactions.
Growing Threat of Android Spyware Campaigns
Cybersecurity researchers say Android spyware operations continue evolving rapidly as attackers increasingly abuse social engineering, trending public themes, and unofficial APK distribution channels to target users.
TraceX Labs emphasized that public awareness, cautious app installation practices, and strong mobile security hygiene remain critical defenses against modern Android malware threats.
The full threat intelligence report is available through the official TraceX Labs platform.