Cockroach Janta Party Malware Alert: Fake APK Targeting Gen Z
As the viral “Cockroach Janta Party” (CJP) movement continues dominating conversations across social media platforms, cybersecurity researchers have warned that cybercriminals are now exploiting the trend to spread dangerous Android malware disguised as the organisation’s official mobile application.
A detailed 33-page threat intelligence report released by cybersecurity company TraceX Labs has uncovered a malicious Android APK operating under the name “Cockroach Janta Party.apk,” which researchers say is capable of stealing sensitive personal data, spying on users, and remotely compromising infected Android devices.
According to the report, the fake application is being circulated through WhatsApp forwarding chains, Telegram groups, third-party APK download websites, and politically viral online communities targeting India’s Gen Z audience.
Fake Cockroach Janta Party App Found Spreading Through WhatsApp and Telegram
Researchers revealed that the malicious APK has no connection with the actual Cockroach Janta Party movement and is instead exploiting its massive internet popularity to trick users into installing spyware-infected applications outside the Google Play Store ecosystem.
The report states that immediately after installation, the APK aggressively requests access to dangerous Android permissions including:
- SMS access
- Contacts
- Call logs
- Camera access
- Device storage
- Accessibility Services
Cybersecurity experts warned that such permissions are commonly abused by Android spyware, banking malware, and Remote Access Trojans (RATs) to intercept OTPs, steal credentials, monitor user activity, and silently extract private information from infected smartphones.
Researchers Identify Spyware and RAT-Like Behaviour
The forensic investigation conducted by TraceX Labs identified multiple indicators of spyware and RAT-like activity within the application.
Researchers observed:
- OTP interception mechanisms
- Accessibility service abuse
- Telegram-based Command-and-Control (C2) communication
- Suspicious DNS activity
- Background surveillance behaviour
- Rapid data exfiltration after execution
- Multiple encrypted HTTPS connections
The report further noted that the malware infrastructure relied heavily on the Telegram Bot API, enabling attackers to remotely manage infected devices and receive stolen data in real time.
Investigation Started After APK Was Shared on WhatsApp
The investigation reportedly began after researchers received the APK file through a WhatsApp forwarding chain. Suspicious of the application’s legitimacy, the team isolated and analysed the APK inside a controlled Android malware analysis environment.
“Immediately after installation, the application began requesting an unusually high number of dangerous permissions, including access to SMS messages, contacts, storage, call logs, and accessibility services. The excessive permission requests quickly raised concerns regarding the legitimacy of the application,” said Santhosh Kumar, cybersecurity researcher at TraceX Labs.
Founded in 2025, TraceX Labs is an Indian cybersecurity and AI research company focused on malware analysis, threat intelligence, digital forensics, and AI-driven security solutions.
Reverse Engineering Revealed Malicious Modules
To analyse the malware, researchers used static analysis, runtime inspection, manual testing, and reverse engineering techniques.
The APK was decompiled using APKTool, allowing investigators to inspect the AndroidManifest.xml configuration file, application resources, and underlying Smali code.
During the reverse engineering process, the team reportedly identified several suspicious modules capable of:
- Extracting call history
- Monitoring user activity
- Intercepting messages
- Collecting device information
- Accessing personal files and sensitive data
Researchers also identified communication patterns associated with Telegram-based malware infrastructure commonly used in Android spyware campaigns.
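The manifest review described above can be scripted for triage. The following is an added example, not code from the TraceX Labs report: it assumes an AndroidManifest.xml already decoded by APKTool, and the function name `triage_manifest`, the category-to-permission mapping, the `review_first` heuristic and the sample manifest are all constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"
P = "android.permission."
# Categories named in the report, mapped to standard Android permissions (mapping is this example's assumption).
RISKY = {
    "sms": {P + "READ_SMS", P + "RECEIVE_SMS", P + "SEND_SMS"},
    "contacts": {P + "READ_CONTACTS"},
    "call_logs": {P + "READ_CALL_LOG"},
    "camera": {P + "CAMERA"},
    "storage": {P + "READ_EXTERNAL_STORAGE", P + "WRITE_EXTERNAL_STORAGE", P + "MANAGE_EXTERNAL_STORAGE"},
}
A11Y_BIND = P + "BIND_ACCESSIBILITY_SERVICE"
A11Y_ACTION = "android.accessibilityservice.AccessibilityService"

def triage_manifest(xml_text):
    """Summarise risky permission groups and accessibility services in a decoded manifest."""
    root = ET.fromstring(xml_text)
    tags = ("uses-permission", "uses-permission-sdk-23")
    requested = {e.get(ANDROID + "name") for tag in tags for e in root.iter(tag)}
    groups = sorted(g for g, perms in RISKY.items() if perms & requested)
    a11y = []
    for svc in root.iter("service"):
        # An accessibility service is guarded by BIND_ACCESSIBILITY_SERVICE or declares the matching action.
        actions = {a.get(ANDROID + "name") for a in svc.iter("action")}
        if svc.get(ANDROID + "permission") == A11Y_BIND or A11Y_ACTION in actions:
            a11y.append(svc.get(ANDROID + "name"))
    if a11y:
        groups.append("accessibility")
    return {
        "package": root.get("package"),
        "groups": groups,
        "accessibility_services": a11y,
        # Heuristic chosen for this example: SMS access plus an accessibility service is reviewed first.
        "review_first": "sms" in groups and bool(a11y),
    }

# Constructed sample manifest, not taken from the analysed APK.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.constructed">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="android.permission.READ_CALL_LOG"/>
  <application>
    <service android:name=".SyncService" android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE">
      <intent-filter><action android:name="android.accessibilityservice.AccessibilityService"/></intent-filter>
    </service>
  </application>
</manifest>"""
```

Calling `triage_manifest(SAMPLE_MANIFEST)` returns the matched categories and the declared accessibility service names, which can be used to sort a queue of submitted APKs before manual analysis.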
Gen Z Users Being Targeted Through Meme Culture and Viral Trends
Ashib Mansoori, a mobile forensics expert at TraceX Labs, warned that cybercriminals are increasingly weaponising meme culture, viral internet trends, and politically charged social media movements to launch large-scale social engineering campaigns targeting younger users.
“The attackers are leveraging curiosity, meme culture, and politically viral content to trick users into downloading malicious APKs from unofficial sources,” the report stated.
Cybersecurity researcher Kiran Singh Rajpurohit added that threat actors are now heavily relying on WhatsApp sharing chains, Telegram communities, and trending online movements as effective malware distribution vectors targeting Indian Android users.
“Users should avoid downloading APK files from unofficial websites or forwarded links because attackers frequently exploit viral trends to distribute spyware, credential stealers, and banking malware,” he said.
Researchers Issue Public Safety Advisory
The report urged Android users to avoid downloading applications from unknown sources and recommended using only trusted app marketplaces such as the Google Play Store.
Researchers also suggested that Cockroach Janta Party founder Abhijeet Dipke publicly issue an awareness advisory clarifying that the malicious APK is not associated with the organisation and warning supporters against downloading unofficial applications circulating online.
Safety Recommendations for Users
TraceX Labs recommended the following precautions:
- Avoid installing APK files received through WhatsApp or Telegram
- Never enable Accessibility Services for untrusted applications
- Download apps only from official marketplaces
- Review app permissions carefully before installation
- Use updated mobile security solutions
- Remove suspicious applications immediately
FAQ
Is the Cockroach Janta Party APK official?
No. Researchers stated that the malicious APK analysed in the report has no official connection with the Cockroach Janta Party movement.
How is the malware spreading?
The APK is reportedly spreading through WhatsApp forwarding chains, Telegram groups, and third-party APK download sites.
What can the malware do?
Researchers say the malware may steal OTPs, monitor user activity, access contacts and call logs, intercept messages, and remotely control infected devices.
Who discovered the malware?
The investigation was conducted by TraceX Labs, an Indian cybersecurity and threat intelligence company.




