A cybersecurity report has warned that fake Cockroach Janta Party Android apps are spreading malware and stealing user data.
Researchers found spyware and RAT-like behaviour capable of accessing OTPs, contacts, call logs and device activity.
The malicious APK is being circulated through WhatsApp, Telegram and third-party websites targeting Gen Z users.
Cybercriminals are exploiting the viral popularity of the satirical digital platform Cockroach Janta Party to target Android users with fake malware-infected apps, according to a cybersecurity report prepared by Mumbai-based TraceX Labs.
The 33-page report warned that a fake Android APK posing as the official app of the Cockroach Janta Party (CJP) is capable of hacking devices, stealing sensitive user data and remotely controlling infected phones.
Malware APK Circulated Through WhatsApp, Telegram
The report, dated May 22, found that the malicious APK file was being circulated through WhatsApp forwarding chains, Telegram groups and third-party websites using the domain “cockroachjantaparty[.]org”.
Researchers said the app requested access to highly sensitive Android permissions, including SMS, contacts, storage, call logs and accessibility services.
According to the report, these permissions are commonly exploited by Android spyware and banking malware to steal OTPs, monitor activity, capture credentials and access personal information.
The analysis concluded that the app has no connection with the actual Cockroach Janta Party and is merely exploiting its growing popularity among Gen Z users.
Researchers Found Spyware, RAT-Like Behaviour
The forensic investigation reportedly revealed spyware and Remote Access Trojan (RAT)-like behaviour within the APK.
Researchers identified suspicious modules capable of OTP theft, reading on-screen activity, extracting call logs and contacts, monitoring device behaviour, sending stolen data through telegram bot API infrastructure
The report also flagged DNS queries linked to rogue domains, multiple suspicious HTTPS connections and data exfiltration activity shortly after installation.
Researchers said the malware uses Telegram-based command-and-control infrastructure, allowing attackers to communicate with infected devices through encrypted channels.
How Researchers Detected The Threat
According to Santhosh Kumar, the investigation began after researchers received an APK file named “Cockroach Janta Party.apk” through WhatsApp.
“Immediately after installation, the application began requesting a large number of dangerous permissions, including access to SMS messages, contacts, call logs, camera, storage, and most critically, the accessibility service,” Kumar said.
The team conducted reverse engineering, runtime analysis, manual testing and APK decompilation using APKTool to inspect the malware’s internal behaviour.
During the investigation, researchers found malicious code modules including “CallLogs.smali”, allegedly designed to steal users’ call history.
Experts Warn Of Rise In Trend-Based Cyber Attacks
Cybersecurity experts warned that attackers are increasingly using viral political and meme-based content to lure users into downloading malicious applications.
N. Ashwin said attackers were leveraging meme culture and politically trending content to socially engineer Gen Z users into installing malware through unofficial APK links.
Meanwhile, Kiran Singh Rajpurohit said politically viral content, Telegram communities and WhatsApp chains are becoming major distribution channels for Android spyware in India.
Researchers advised users to avoid downloading APK files from unofficial sources and recommended that Abhijeet Dipke publicly clarify that the fake app has no connection with the platform.
