Report Warns Cybercriminals Are Exploiting Cockroach Janta Party’s Popularity To Scam GenZ
With the rise in popularity of satirical digital platform Cockroach Janta Party (CJP), cybercriminals are using this viral popularity to trick Android users into downloading fake APKs outside of the Google Play store, according to an independent research report prepared by Mumbai-based TraceX Labs, an Indian cybersecurity startup focused on applied security research.
The 33-page report labeled a fake Android app posing as the official CJP app as a malware threat capable of hacking devices and stealing user data.
The May 22 report includes an analysis of the APK, which found that the app requests highly sensitive permissions, including access to SMS, contacts and storage, as well as the Android Accessibility permission, which helps an app read content on the screen. These permissions are commonly abused by Android spyware and banking malware to steal one-time passwords, track user activity, obtain credentials, and access personal information. The report concluded that the app has nothing to do with CJP and is exploiting its popularity among Gen Z users.
Forensic analysis of the cockroach.janta.party APK revealed spyware and remote access trojan (RAT)-like behavior, including excessive permission requests, accessibility service abuse, OTP theft capabilities, and Telegram-based command and control (C2) communication. The cockroachjantaparty(.)org link was spread through WhatsApp redirect chains, Telegram groups and websites.
Analysis shows that the malware contains a command-and-control infrastructure based on the Telegram Bot API. This allows cybercriminals to decrypt legitimate encrypted traffic. The analysis also recorded DNS (Domain Name System) queries linked to the rogue domain, exfiltration of approximately 34 KB of data within minutes of launch, and multiple simultaneous HTTPS connections.
The analysis was performed through reverse engineering and behavioral inspection of a sample APK, along with analysis of the associated infrastructure and the permissions the application requires. The study was conducted after the researcher received an APK file named “Cockroach Janta Party.apk” via WhatsApp. Initially, out of curiosity, the researcher decided to install the app and check it on an Android device.
“Immediately after installation, the application began to request a large number of dangerous permissions, including access to SMS messages, contacts, call logs, camera, storage and most importantly, the accessibility service. The excessive permission requests quickly raised suspicions about the legitimacy of the application,” said Santhosh Kumar, a researcher at TraceX Labs, founded in 2025, which develops modern solutions for various artificial intelligence-driven digital security environments.
Santhosh and his team examined the application using manual testing, static analysis, runtime analysis and reverse engineering. To understand the internal behavior of the malware, the APK file was manually inspected and decompiled using APKTool. The AndroidManifest.xml file, application resources and Smali source code were analyzed in detail.
Several dangerous permissions and suspicious services were identified during the analysis of the AndroidManifest.xml file. Further reverse engineering of the Smali files revealed several malicious modules, including CallLogs.smali, which is designed to steal call history.
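The manifest review described above can be reproduced as a quick triage step on any APK decoded with APKTool. The following is an added example, not code from the TraceX Labs report: the sample manifests, package names and class names are constructed placeholders, and the "suspicious" rule is a heuristic assumed for this illustration.

```python
import xml.etree.ElementTree as ET

NS = "{http://schemas.android.com/apk/res/android}"
# Real Android permission names, grouped by the data categories the report lists.
RISKY = {
    "android.permission.READ_SMS": "sms",
    "android.permission.RECEIVE_SMS": "sms",
    "android.permission.READ_CONTACTS": "contacts",
    "android.permission.READ_CALL_LOG": "call_log",
    "android.permission.CAMERA": "camera",
    "android.permission.READ_EXTERNAL_STORAGE": "storage",
    "android.permission.WRITE_EXTERNAL_STORAGE": "storage",
}
A11Y_BIND = "android.permission.BIND_ACCESSIBILITY_SERVICE"

def triage_manifest(xml_text):
    """Summarise risky permission groups and accessibility services in a decoded manifest."""
    root = ET.fromstring(xml_text)
    requested = {e.get(NS + "name") for e in root.iter("uses-permission")}
    groups = sorted({RISKY[p] for p in requested if p in RISKY})
    # An accessibility service is declared as a <service> guarded by the bind permission.
    a11y = sorted(s.get(NS + "name") for s in root.iter("service")
                  if s.get(NS + "permission") == A11Y_BIND)
    # Heuristic (assumption of this example): SMS access together with an
    # accessibility service is the pairing behind OTP theft and screen reading.
    suspicious = "sms" in groups and bool(a11y)
    return {"package": root.get("package"), "groups": groups,
            "accessibility_services": a11y, "suspicious": suspicious}

# Constructed sample manifests; package and class names are placeholders.
SAMPLE_SUSPECT = """<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.lookalike">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="android.permission.READ_CALL_LOG"/>
  <application>
    <service android:name=".ScreenService" android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE"/>
  </application>
</manifest>"""
SAMPLE_BENIGN = """<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.news">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.CAMERA"/>
</manifest>"""

if __name__ == "__main__":
    for sample in (SAMPLE_SUSPECT, SAMPLE_BENIGN):
        print(triage_manifest(sample))
```

When parsing manifests from untrusted samples, swap the standard-library parser for `defusedxml`, since `xml.etree.ElementTree` does not guard against entity-expansion attacks.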
Cyber security expert N. Ashwin has warned that cybercriminals are now using viral trends like the ‘Cockroach Janta Party’ movement to target Gen Z users through social engineering. “Attackers use curiosity, meme culture, and politically viral content to lure users into downloading malicious APK files through third-party APK sites.”
Security researcher at TraceX Labs, Kiran Singh Rajpurohit, said: “The analysis shows that attackers are increasingly using politically viral content, WhatsApp sharing chains and Telegram communities as social engineering vectors to distribute malicious Android APK files targeting Indian users. Users should avoid downloading unofficial APK files as attackers can exploit these trends to distribute spyware or banking malware.”
The report also suggests that CJP’s founder, Abhijeet Dipke, has issued a message asking supporters to be careful and clarifying that he does not manage the app and that the organization is a victim of impersonation.
Published – 30 May 2026 11:44 IST