With the increase in popularity of the satirical digital platform Cockroach Janta Party (CJP), cybercriminals are exploiting this viral popularity to trick Android users into downloading fake APK apps from outside the Google Play Store, according to an independent research report prepared by Mumbai-based TraceX Labs, an Indian cybersecurity start-up focused on applied security research.
Opinion | Interpreting the ‘rise’ of the Cockroach Janta Party
The 33-page report flagged a fake Android app posing as CJP’s official app as a malware threat capable of hacking devices and stealing user data.
The report dated May 22, comprises APK analysis, which found that the request was made to access highly sensitive permissions such as SMS access, contacts, storage, and Android Accessibility permissions, which helps in reading on-screen content. These permissions are commonly abused by Android spyware and banking malware to steal OTPs, monitor user activity, capture credentials, and access personal data. The report concluded that the app has nothing to do with the CJP and is exploiting its popularity among Gen Z users.
The forensic analysis of the cockroach.janta.party APK revealed spyware and Remote Access Trojan (RAT)-like behaviour, including excessive permission requests, abuse of accessibility services, capabilities for OTP theft, and Telegram-based command and control (C2) communication. The link cockroachjantaparty[.]org has been circulated through WhatsApp forwarding chains, Telegram groups, and websites.
The analysis shows that the malware comprises a Command-and-Control infrastructure based on the Telegram Bot API. This allows cybercriminals to decrypt legitimate encrypted traffic. It also includes DNS (Domain Name System) queries linked to the rogue domain, data exfiltration of approximately 34 KB within minutes of execution, and multiple simultaneous HTTPS connections.
The analysis was conducted through reverse engineering and behavioural inspection of the APK sample, along with an analysis of the associated infrastructure and permissions requested by the application. The study was carried out after the researcher received an APK file named “Cockroach Janta Party.apk” through WhatsApp. Initially, out of curiosity, the researcher decided to install the application and inspect it on an Android device.
“Immediately after installation, the application began requesting a large number of dangerous permissions, including access to SMS messages, contacts, call Logs, camera, storage, and most critically, the accessibility service. The excessive permission requests quickly raised suspicion regarding the legitimacy of the application,” said Santhosh Kumar, the researcher from TraceX Labs, founded in 2025 develops AI-driven security solutions designed for diverse digital environments and modern cyber threats.
Santosh and his team used manual testing, static analysis, runtime analysis, and reverse engineering, which were performed on the application. To understand the malware’s internal behaviour, the APK was manually inspected and decompiled using APKTool. The AndroidManifest.xml file, application resources, and Smali source code were analysed in detail.
During the analysis of the AndroidManifest.xml file, multiple dangerous permissions and suspicious services were identified. Further reverse engineering of the Smali files revealed several malicious modules, including CallLogs.smali, which is designed to steal call history.
Cybersecurity expert N. Ashwin warned that cybercriminals are now exploiting viral trends like the “Cockroach Janta Party” movement to target Gen Z users through social engineering. “The attackers leverage curiosity, meme culture, and politically viral content to lure users into downloading malicious APKs via third-party APK sites.”
The security Researcher at TraceX Labs, Kiran Singh Rajpurohit, said, “The analysis shows attackers are increasingly using politically viral content, WhatsApp sharing chains, and Telegram communities as social engineering vectors to distribute malicious Android APKs targeting Indian users. Users should avoid downloading unofficial APK files because attackers may exploit those trends to distribute spyware or banking malware.”
The report also suggests that the founder of CJP, Abhijeet Dipke, issue an awareness message for supporters to be cautious and clarify that the app is not run by him and that the organisation is a victim of impersonation.
Published – May 30, 2026 11:44 am IST
