
“Cockroach Janta Party” APK Malware Spreading Across India, Android Users Warned

Cybersecurity researchers at TraceX Labs have warned about a dangerous “Cockroach Janta Party” Android malware APK spreading through WhatsApp, Telegram, and fake APK websites. The spyware can steal OTPs, banking information, and sensitive user data.

A dangerous Android malware campaign disguised as the “Cockroach Janta Party” APK is actively spreading across India, targeting Android smartphone users through WhatsApp, Telegram groups, and unofficial APK download websites. Cybersecurity researchers have warned that the malicious application is capable of stealing OTPs, monitoring user activity, accessing private files, and abusing Android accessibility permissions for advanced surveillance operations.

According to investigators, the fake application is being promoted using politically themed branding and viral social media sharing tactics to trick users into manually installing the APK on their devices. Security experts say attackers are specifically targeting users who download applications from unofficial sources outside the Google Play Store.

Researchers identified the malware as a sophisticated Android Remote Access Trojan (RAT) combined with spyware and banking trojan functionality. Once installed, the malware reportedly gains access to SMS messages, contacts, call logs, media files, storage data, and sensitive device information.

Cybersecurity analysts classified the threat level as CRITICAL because of the malware’s extensive spying capabilities and its ability to abuse Android Accessibility Services.

Malware Spreading Through WhatsApp and Telegram

According to the investigation, the fake “Cockroach Janta Party” APK is being distributed through:

  • WhatsApp APK file sharing
  • Telegram groups and channels
  • Fake Android app download pages
  • Third-party APK distribution websites
  • Social engineering campaigns

Researchers explained that attackers are using trending public topics and political branding to gain trust and encourage users to install the APK manually.

Because the malware is distributed outside official app stores, victims are usually required to enable Android’s “Install from Unknown Sources” option, bypassing standard Android security protections.

Security experts warned that APK files shared through messaging apps remain one of the most common infection methods used in Android malware campaigns targeting Indian users.

Dangerous Permissions Requested by the APK

One of the most serious concerns highlighted in the investigation is the large number of dangerous Android permissions requested by the malware after installation.

The fake application reportedly asks for access to:

  • SMS messages
  • Contacts
  • Call logs
  • Camera
  • Device storage
  • Accessibility services

Researchers warned that granting these permissions could provide attackers with broad control over the infected device.

Cybersecurity analysts specifically identified Android Accessibility Services abuse as one of the malware’s most dangerous features. If accessibility permissions are enabled, the spyware can reportedly:

  • Read OTPs and passwords from the screen
  • Capture banking-related information
  • Perform automated clicks and gestures
  • Interact with applications silently in the background
  • Bypass Android security warnings
  • Monitor user activity continuously

Security researchers say accessibility abuse has become increasingly common among Android banking trojans because it allows attackers to manipulate devices without needing advanced exploits or root access.
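The permission pattern described above can be checked before an APK is installed. The following Python sketch is an added example, not code from the researchers' report: it reads an AndroidManifest.xml that has already been decoded to text XML (for example with apktool) and reports which of the article's permission categories the app requests and whether it declares an accessibility service. The sample manifest is constructed, and both the mapping from the article's categories to Android permission strings and the "SMS plus accessibility" high-risk rule are assumptions of this example.

```python
import xml.etree.ElementTree as ET

NS = "{http://schemas.android.com/apk/res/android}"
A11Y_BIND = "android.permission.BIND_ACCESSIBILITY_SERVICE"

# Assumed mapping: article's permission categories -> Android permission strings.
RISKY = {
    "android.permission.READ_SMS": "SMS messages",
    "android.permission.RECEIVE_SMS": "SMS messages",
    "android.permission.READ_CONTACTS": "Contacts",
    "android.permission.READ_CALL_LOG": "Call logs",
    "android.permission.CAMERA": "Camera",
    "android.permission.READ_EXTERNAL_STORAGE": "Device storage",
    "android.permission.WRITE_EXTERNAL_STORAGE": "Device storage",
}

# Constructed sample manifest; not taken from the analysed APK.
SAMPLE_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.constructed">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <application>
    <service android:name=".SyncService"
             android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE"/>
  </application>
</manifest>
"""

def triage_manifest(xml_text):
    """Summarise risky permission categories and accessibility services."""
    root = ET.fromstring(xml_text)
    requested = {e.get(NS + "name") for e in root.iter("uses-permission")}
    groups = sorted({RISKY[p] for p in requested if p in RISKY})
    # A service guarded by BIND_ACCESSIBILITY_SERVICE is an accessibility service.
    services = [s.get(NS + "name") for s in root.iter("service")
                if s.get(NS + "permission") == A11Y_BIND]
    if services:
        groups.append("Accessibility services")
    # Example heuristic: SMS access combined with an accessibility service.
    high_risk = bool(services) and "SMS messages" in groups
    return {"package": root.get("package"), "groups": groups,
            "accessibility_services": services, "high_risk": high_risk}

if __name__ == "__main__":
    print(triage_manifest(SAMPLE_MANIFEST))
```

A manifest only shows what an app can ask for; the accessibility service still has to be enabled by the user in Android settings before it can read the screen or perform gestures.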

Reverse Engineering Reveals Advanced Spyware Features

A detailed reverse engineering analysis of the APK uncovered multiple embedded spyware modules designed for surveillance and credential theft.

Researchers discovered malware components related to:

  • SMS interception and OTP forwarding
  • Contact theft
  • Call history extraction
  • Device fingerprinting
  • Gallery and media theft
  • File collection from storage
  • Process monitoring
  • Network activity tracking
  • Background surveillance operations

The investigation also revealed that the malware continuously communicates with remote attacker-controlled infrastructure while blending malicious traffic with legitimate encrypted internet activity to avoid detection during network monitoring.

According to researchers, the spyware appears specifically engineered for long-term surveillance, credential theft, banking fraud, and financial scams.

Indian Android Users Primary Target

Security analysts believe Indian Android users are the primary targets of the campaign. Investigators reportedly identified India-related configurations and mobile network references embedded inside the malware source code.

Researchers warned that infected users may face:

  • Identity theft
  • Banking fraud
  • Unauthorized account access
  • Social media compromise
  • Financial loss
  • Privacy violations

Security Recommendations for Android Users

Cybersecurity experts advised Android users to follow strict mobile security practices, including:

  • Install apps only from trusted app stores
  • Avoid APK files shared through WhatsApp or Telegram
  • Keep Google Play Protect enabled
  • Carefully review app permissions
  • Never grant accessibility permissions to unknown apps
  • Use authenticator apps instead of SMS-based OTP authentication whenever possible

Users who suspect infection are advised to immediately uninstall suspicious applications, revoke accessibility permissions, reset important passwords from another trusted device, and monitor banking activity for unauthorized transactions.

Threat Intelligence Report: Fake "Cockroach Janta Party" Android Malware

Researchers emphasized that Android spyware campaigns are rapidly evolving as attackers increasingly rely on social engineering and unofficial APK distribution methods to target users at scale.
