
TraceX Labs Warns of Fake “Cockroach Janta Party” Android Malware Spreading Through WhatsApp and Telegram
Cybersecurity researchers uncover dangerous Android spyware capable of stealing OTPs, monitoring devices, and abusing accessibility permissions.
TraceX Labs has released a public security advisory warning Android users about a dangerous spyware campaign involving a fake “Cockroach Janta Party” mobile application. According to the cybersecurity researchers, the malicious APK is being distributed through messaging platforms and unofficial download sources in an attempt to infect Android devices and steal sensitive user information.
The report identifies the application as a sophisticated Android Remote Access Trojan (RAT) and spyware capable of intercepting OTPs, monitoring device activity, stealing contacts and messages, and accessing personal files stored on infected smartphones. Researchers classified the threat level as CRITICAL due to the malware’s extensive surveillance capabilities and abuse of Android accessibility features.
How the Malware Spreads
According to the TraceX Labs investigation, the fake “Cockroach Janta Party” APK is spreading through WhatsApp APK sharing, Telegram groups and channels, fake app download pages, third-party APK websites, and social engineering campaigns targeting Android users.
Researchers explained that attackers use politically themed branding and trending public topics to gain user trust and encourage victims to manually install the APK on their devices. Since the malware is distributed outside official app stores, victims are typically required to enable Android’s “Install from Unknown Sources” option, bypassing standard Google Play protections.
The report warns that unofficial APK downloads shared through messaging apps continue to be one of the largest infection vectors for Android spyware campaigns.
Dangerous Android Permissions Requested
One of the most serious findings highlighted in the security advisory is the large number of dangerous Android permissions requested by the malware once installed.
The fake “Cockroach Janta Party” application reportedly requests access to SMS messages, contacts, call logs, camera, device storage, and Android accessibility services.
Security researchers warn that granting these permissions gives attackers broad access to the infected device and its sensitive information.
TraceX Labs specifically identified abuse of Android Accessibility Services as one of the malware’s most dangerous capabilities. If enabled by the user, the malware can reportedly read on-screen content including OTPs and passwords, capture sensitive banking information, perform automated clicks and gestures, interact with apps silently in the background, and bypass Android security warnings.
According to researchers, accessibility abuse has become increasingly common in Android banking trojans and spyware because it allows attackers to monitor and manipulate user activity without requiring advanced exploits.
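The permission pattern described above can be checked during APK triage. The following is an added example, not code from the TraceX Labs report: it assumes the manifest has already been decoded to text XML, and the sample manifest, package name and service name are constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Android permissions grouped by the categories the advisory lists.
RISK_GROUPS = {
    "sms": {"android.permission.READ_SMS", "android.permission.RECEIVE_SMS"},
    "contacts": {"android.permission.READ_CONTACTS"},
    "call_log": {"android.permission.READ_CALL_LOG"},
    "camera": {"android.permission.CAMERA"},
    "storage": {"android.permission.READ_EXTERNAL_STORAGE",
                "android.permission.WRITE_EXTERNAL_STORAGE",
                "android.permission.MANAGE_EXTERNAL_STORAGE"},
}
# A service guarded by this permission is an accessibility service.
ACCESSIBILITY_BIND = "android.permission.BIND_ACCESSIBILITY_SERVICE"

# Constructed sample manifest (not taken from the analysed APK).
SAMPLE_MANIFEST = """<manifest
    xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.sample">
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="android.permission.READ_CALL_LOG"/>
  <uses-permission android:name="android.permission.CAMERA"/>
  <uses-permission android:name="android.permission.READ_EXTERNAL_STORAGE"/>
  <application>
    <service android:name=".HelperService"
        android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE"/>
  </application>
</manifest>"""


def triage_manifest(xml_text):
    """Report which risk groups an app requests and whether it declares
    an accessibility service."""
    root = ET.fromstring(xml_text)
    requested = {e.get(ANDROID_NS + "name") for e in root.iter("uses-permission")}
    groups = sorted(g for g, perms in RISK_GROUPS.items() if perms & requested)
    a11y = [s.get(ANDROID_NS + "name") for s in root.iter("service")
            if s.get(ANDROID_NS + "permission") == ACCESSIBILITY_BIND]
    # SMS access combined with an accessibility service matches the
    # OTP-reading behaviour the advisory describes, so flag it for review.
    high_risk = bool(a11y) and "sms" in groups
    return {"groups": groups, "accessibility_services": a11y,
            "high_risk": high_risk}
```

A high_risk result is a prompt for manual review rather than a verdict, since legitimate assistive apps also declare accessibility services.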
Reverse Engineering Reveals Extensive Spyware Capabilities
TraceX Labs conducted a detailed reverse engineering investigation of the APK using malware analysis and Android decompilation tools.
The analysis uncovered multiple embedded spyware modules inside the fake “Cockroach Janta Party” application, including components capable of SMS interception and OTP forwarding, contact and call history theft, device fingerprinting, photo and gallery theft, file collection from storage, process monitoring, network activity monitoring, and background surveillance operations.
Researchers noted that the malware appears specifically engineered for long-term surveillance, credential theft, and financial fraud operations.
The report also revealed that the spyware continuously communicates with remote infrastructure while blending malicious traffic with legitimate encrypted internet activity, making detection more difficult during normal network monitoring.
Network Analysis and Data Theft Activity
During behavioral and network traffic analysis, researchers observed the malware actively transmitting data from infected devices. According to the report, the spyware can exfiltrate SMS messages and OTPs, contacts and call logs, device identifiers, photos and media files, stored documents, SIM-related information, and running application data.
TraceX Labs warned that such capabilities could expose victims to identity theft, banking fraud, social media account compromise, and unauthorized access to personal information.
Security Recommendations from TraceX Labs
The cybersecurity firm advised Android users to install apps only from trusted app stores, avoid APK files shared through WhatsApp or Telegram, keep Google Play Protect enabled, carefully review app permissions, and never enable accessibility permissions for unknown applications.
Users who suspect infection are advised to immediately uninstall suspicious applications, revoke accessibility permissions, reset important passwords using another trusted device, and monitor banking accounts for unusual activity.
Cybersecurity researchers say Android spyware campaigns are becoming increasingly sophisticated as attackers combine social engineering, unofficial APK distribution, and accessibility abuse to target users at scale.
The full threat intelligence report is available through the official TraceX Labs website.

