Cockroach Janta Party Malware APK Targets Android Users Through WhatsApp and Telegram

"The fake APK is a sophisticated Android Remote Access Trojan (RAT), spyware, and banking malware designed to steal sensitive user information from infected smartphones," says Santhosh Kumar.

Udaipur, May 22, 2026, Technology Alert News: According to a new security advisory released by Indian cybersecurity company TraceX Labs, a dangerous Android malware campaign disguised as a “Cockroach Janta Party” mobile application is actively targeting users through WhatsApp, Telegram groups, and malicious APK download websites.

TraceX Labs, an Indian cybersecurity and threat intelligence company, warned that the fake APK is a sophisticated Android Remote Access Trojan (RAT), spyware, and banking malware designed to steal sensitive user information from infected smartphones. Researchers classified the threat level as “CRITICAL” due to the malware’s extensive surveillance and data theft capabilities.

The advisory states that threat actors are exploiting the viral popularity of the “Cockroach Janta Party” internet movement to socially engineer Android users into downloading the malicious APK. The company clarified that the legitimate Cockroach Janta Party has no involvement with the malware and is itself a victim of impersonation by cybercriminals.

Malware Spread Through WhatsApp, Telegram, and Fake Websites

According to TraceX Labs researchers, the malware is currently spreading through:

  • WhatsApp APK sharing
  • Telegram groups and channels
  • Fake APK download pages
  • Third-party Android app websites
  • Politically themed social engineering campaigns

The report includes evidence showing the fake APK being shared directly in WhatsApp chats and Telegram groups as a file named “Cockroach Janta Party.apk.”

Researchers explained that attackers are abusing trending political discussions and Gen Z internet culture to gain user trust and convince victims to manually install the malicious application outside the Google Play Store.

Dangerous Android Permissions Requested

TraceX Labs identified multiple dangerous permissions requested by the spyware once installed on an Android device. These include:

  • SMS permissions
  • Contact access
  • Call log access
  • Camera permissions
  • Storage access
  • Accessibility Services access

Security experts warned that the Accessibility Service permission is particularly dangerous because it allows the malware to read on-screen content, capture OTPs and passwords, bypass Android security prompts, and silently interact with banking applications in the background.
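The permission combination described above can be checked before installation from a decoded, text-form AndroidManifest.xml (for example, as produced by apktool). The following is an added example, not code from the TraceX Labs advisory; the mapping from the advisory's categories to standard Android permission names is an assumption, and the sample manifest, package name, and service name are constructed.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"
A11Y_BIND = "android.permission.BIND_ACCESSIBILITY_SERVICE"

# Advisory category -> standard Android permission names.
# Assumption: the advisory lists categories only, not exact permission strings.
CATEGORIES = {
    "SMS": {"READ_SMS", "RECEIVE_SMS", "SEND_SMS"},
    "Contacts": {"READ_CONTACTS"},
    "Call log": {"READ_CALL_LOG"},
    "Camera": {"CAMERA"},
    "Storage": {"READ_EXTERNAL_STORAGE", "WRITE_EXTERNAL_STORAGE",
                "MANAGE_EXTERNAL_STORAGE"},
}

# Constructed sample manifest (hypothetical package and service names).
SAMPLE_MANIFEST = """<manifest
    xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.sample">
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="android.permission.READ_CALL_LOG"/>
  <uses-permission android:name="android.permission.CAMERA"/>
  <uses-permission android:name="android.permission.INTERNET"/>
  <application>
    <service android:name=".HypotheticalA11yService"
             android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE"/>
  </application>
</manifest>"""


def triage_manifest(manifest_xml):
    """Report which advisory categories a manifest requests and whether it
    declares an Accessibility Service."""
    root = ET.fromstring(manifest_xml)
    # Strip the "android.permission." prefix so names match CATEGORIES.
    requested = {el.get(ANDROID + "name", "").rsplit(".", 1)[-1]
                 for el in root.iter("uses-permission")}
    hits = sorted(c for c, perms in CATEGORIES.items() if perms & requested)
    # An Accessibility Service is a <service> guarded by BIND_ACCESSIBILITY_SERVICE.
    a11y = [s.get(ANDROID + "name") for s in root.iter("service")
            if s.get(ANDROID + "permission") == A11Y_BIND]
    return {
        "categories": hits,
        "accessibility_services": a11y,
        # SMS access plus an Accessibility Service is the pairing the
        # advisory ties to OTP capture and banking-app interaction.
        "sms_and_accessibility": "SMS" in hits and bool(a11y),
    }


if __name__ == "__main__":
    print(triage_manifest(SAMPLE_MANIFEST))
```
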

Reverse Engineering Revealed Advanced Spyware Features

The Indian cybersecurity firm conducted a detailed reverse engineering analysis of the APK using Android malware decompilation tools. According to the report, researchers discovered multiple embedded spyware modules capable of:

  • SMS interception and OTP forwarding
  • Contact and call log theft
  • Device fingerprinting
  • Gallery and media theft
  • File collection from storage
  • Banking app monitoring
  • Background surveillance operations

The malware reportedly contains components such as AccessibilityServiceStub.smali, SmsForward.smali, TelegramC2.smali, and ProcessMonitor.smali, indicating advanced surveillance and credential theft functionality.

Telegram Infrastructure Used for Data Theft

TraceX Labs also revealed that the malware uses Telegram’s Bot API as its command-and-control (C2) infrastructure. Researchers explained that this technique helps attackers blend malicious traffic with legitimate Telegram and Google HTTPS traffic, making detection more difficult during normal network monitoring.
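Because the Bot API traffic is hard to separate from legitimate HTTPS on the wire, static triage of a decompiled APK is a more dependable check: Bot API calls are addressed to api.telegram.org/bot<token>/<method>, so a reference to that host inside a non-Telegram app is a strong lead. The following is an added example, not code from the advisory; the sample smali text, file label, and token are constructed, and the set of file extensions scanned is an assumption.

```python
import re
from pathlib import Path

HOST = re.compile(r"api\.telegram\.org", re.I)
# Bot tokens have the form <numeric bot id>:<secret>.
TOKEN = re.compile(r"/bot(\d{6,12}):[A-Za-z0-9_-]{30,}")

# Constructed sample: smali with one hardcoded Bot API URL (dummy token).
SAMPLE_SMALI = (
    ".method private send()V\n"
    '    const-string v0, "https://api.telegram.org/bot0000000000:'
    + "A" * 35 + '/sendDocument"\n'
    '    const-string v1, "https://example.com/ping"\n'
    ".end method\n"
)


def scan_text(label, text):
    """Return one finding per line that references the Bot API host.
    Only the numeric bot id is reported; the secret part is never echoed."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not HOST.search(line):
            continue
        m = TOKEN.search(line)
        findings.append({"file": label, "line": lineno,
                         "bot_id": m.group(1) if m else None})
    return findings


def scan_tree(root):
    """Walk a decompiled APK directory and scan text-like files."""
    findings = []
    for path in sorted(Path(root).rglob("*")):
        if path.is_file() and path.suffix in {".smali", ".xml", ".json"}:
            findings += scan_text(str(path.relative_to(root)),
                                  path.read_text(errors="replace"))
    return findings


if __name__ == "__main__":
    print(scan_text("Hypothetical.smali", SAMPLE_SMALI))
```

A finding with `bot_id` set to `None` still matters: the host is referenced but the token may be assembled at runtime, so the surrounding code needs manual review.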

According to the advisory, the spyware can exfiltrate:

  • SMS messages and banking OTPs
  • Contacts and call history
  • Photos and media files
  • Device information
  • Stored documents
  • SIM details
  • Running application information

The company warned that infected users could face identity theft, unauthorized banking transactions, financial fraud, and major privacy risks.

Indian Users Main Target

The report indicates that Indian Android users are the primary target of the malware campaign. Researchers found hardcoded references to India and Reliance Jio inside the spyware’s code, suggesting attackers may specifically be targeting Indian smartphone users.

The malware reportedly affects Android devices running Android 8 through Android 14 and spreads mainly through side-loaded APK installations that bypass Google Play Store protections.

TraceX Labs Issues Security Recommendations

TraceX Labs advised users to install apps only from trusted sources such as the Google Play Store and avoid APK files shared through WhatsApp, Telegram, or unknown websites.

The company also recommended that users:

  • Keep Google Play Protect enabled
  • Avoid enabling “Install from Unknown Sources”
  • Carefully review app permissions
  • Never grant Accessibility permissions to unknown apps
  • Use authenticator apps instead of SMS-based OTP authentication

Users who suspect infection are advised to immediately uninstall suspicious applications, disable Accessibility permissions, reset passwords using another trusted device, and monitor banking accounts for suspicious activity.

TraceX Labs emphasized that Android spyware campaigns are increasingly exploiting viral trends, political branding, and social engineering tactics to target users, making cybersecurity awareness and safe mobile practices more important than ever.
 


Source: https://tracexlabs.com/reports/cockroach-janta-party-malware-threat-report-2026.html