A dangerous Android malware campaign disguised as the “Cockroach Janta Party” APK is actively spreading across India, targeting Android smartphone users through WhatsApp, Telegram groups, and unofficial APK download websites. Cybersecurity researchers have warned that the malicious application is capable of stealing OTPs, monitoring user activity, accessing private files, and abusing Android accessibility permissions for advanced surveillance operations.
According to investigators, the fake application is being promoted using politically themed branding and viral social media sharing tactics to trick users into manually installing the APK on their devices. Security experts say attackers are specifically targeting users who download applications from unofficial sources outside the Google Play Store.
Researchers identified the malware as a sophisticated Android Remote Access Trojan (RAT) combined with spyware and banking trojan functionality. Once installed, the malware reportedly gains access to SMS messages, contacts, call logs, media files, storage data, and sensitive device information.
Cybersecurity analysts classified the threat level as CRITICAL because of the malware’s extensive spying capabilities and its ability to abuse Android Accessibility Services.
According to the investigation, the fake “Cockroach Janta Party” APK is being distributed through:
Researchers explained that attackers are using trending public topics and political branding to gain trust and encourage users to install the APK manually.
Because the malware is distributed outside official app stores, victims are usually required to enable Android’s “Install from Unknown Sources” option, bypassing standard Android security protections.
Security experts warned that APK files shared through messaging apps remain one of the most common infection methods used in Android malware campaigns targeting Indian users.
One of the most serious concerns highlighted in the investigation is the large number of dangerous Android permissions requested by the malware after installation.
The fake application reportedly asks for access to:
Researchers warned that granting these permissions could provide attackers with broad control over the infected device.
Cybersecurity analysts specifically identified Android Accessibility Services abuse as one of the malware’s most dangerous features. If accessibility permissions are enabled, the spyware can reportedly:
Security researchers say accessibility abuse has become increasingly common among Android banking trojans because it allows attackers to manipulate devices without needing advanced exploits or root access.
A detailed reverse engineering analysis of the APK uncovered multiple embedded spyware modules designed for surveillance and credential theft.
Researchers discovered malware components related to:
The investigation also revealed that the malware continuously communicates with remote attacker-controlled infrastructure while blending malicious traffic with legitimate encrypted internet activity to avoid detection during network monitoring.
According to researchers, the spyware appears specifically engineered for long-term surveillance, credential theft, banking fraud, and financial scams.
Security analysts believe Indian Android users are the primary targets of the campaign. Investigators reportedly identified India-related configurations and mobile network references embedded inside the malware source code.
Researchers warned that infected users may face:
Cybersecurity experts advised Android users to follow strict mobile security practices, including:
Users who suspect infection are advised to immediately uninstall suspicious applications, revoke accessibility permissions, reset important passwords from another trusted device, and monitor banking activity for unauthorized transactions.
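A defender-side triage check for the two conditions the report stresses, manual installation from outside the Play Store and an enabled accessibility service, written as an added example that is not part of the original investigation. The sample data and package names are constructed, and comparing the recorded installer against the Play Store is an assumed heuristic, not an indicator published by the researchers.

```shell
#!/bin/sh
# Added example: list apps that hold an enabled accessibility service AND
# were not installed by the Play Store. Input formats are those printed by:
#   adb shell settings get secure enabled_accessibility_services
#   adb shell pm list packages -3 -i
PLAY_STORE="com.android.vending"

# $1: colon-separated "package/ServiceClass" list -> owning packages, one per line.
a11y_packages() {
  printf '%s\n' "$1" | tr -d '\r' | tr ':' '\n' | sed -n 's|^\([^/]*\)/.*|\1|p' | sort -u
}

# $1: lines "package:<name>  installer=<installer>" -> packages whose
# recorded installer is anything other than the Play Store.
sideloaded_packages() {
  printf '%s\n' "$1" | tr -d '\r' | awk -v store="$PLAY_STORE" '
    /^package:/ {
      pkg = $1; sub(/^package:/, "", pkg)
      inst = $2; sub(/^installer=/, "", inst)
      if (inst != store) print pkg
    }' | sort -u
}

# Intersection of the two lists: the apps to review first.
risky_packages() {
  side=$(sideloaded_packages "$2")
  a11y_packages "$1" | while read -r pkg; do
    if printf '%s\n' "$side" | grep -Fxq -- "$pkg"; then
      printf '%s\n' "$pkg"
    fi
  done
}

# Constructed sample data; the com.example.* names are made up for illustration.
SAMPLE_A11Y='com.google.android.marvin.talkback/com.google.android.marvin.talkback.TalkBackService:com.example.partyapp/com.example.partyapp.HelperService'
SAMPLE_PKGS='package:com.example.partyapp  installer=null
package:com.example.notes  installer=com.android.vending
package:com.example.sideloadedgame  installer=com.google.android.packageinstaller'

if [ "${1:-}" = "--device" ]; then   # live mode: needs adb and USB debugging
  risky_packages "$(adb shell settings get secure enabled_accessibility_services)" \
                 "$(adb shell pm list packages -3 -i)"
else
  risky_packages "$SAMPLE_A11Y" "$SAMPLE_PKGS"
fi
```

Run with `--device` against a phone connected over adb; without arguments it processes the constructed sample. Apps from other legitimate stores also appear in the output, so treat it as a review list before revoking the service or uninstalling.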
Threat Intelligence Report: Fake "Cockroach Janta Party" Android Malware
Researchers emphasized that Android spyware campaigns are rapidly evolving as attackers increasingly rely on social engineering and unofficial APK distribution methods to target users at scale.