TraceX Labs warns of fake Cockroach Janta Party Android malware spreading on WhatsApp and Telegram

By AI, Created 2:05 PM UTC, May 24, 2026, /AGP/ – TraceX Labs issued a security advisory on May 24, 2026, warning Android users about a fake “Cockroach Janta Party” APK spreading through WhatsApp, Telegram, invite links and third-party download sites. The malware may steal messages, OTPs, contacts and other device data, with Indian users appearing to be a likely target.

Why it matters: - The fake APK could expose Android users to account theft, financial fraud and broader device compromise. - The campaign uses political buzz and messaging apps to push users into installing malware outside trusted app stores. - TraceX Labs says the threat may be especially relevant for Indian Android users.

What happened: - TraceX Labs issued a public security advisory on May 24, 2026, about a fake Android app called “Cockroach Janta Party.apk.” - The APK is spreading through WhatsApp, Telegram groups, invite links and third-party APK download websites. - The malware is disguised as political-themed content and targets people searching for terms like “Cockroach Janta Party APK” and “CJP app.” - The legitimate Cockroach Janta Party movement is not tied to the malware campaign and is being impersonated.

The details: - The malicious APK is designed to trick users into manually installing software outside the Google Play Store. - The campaign uses social engineering, viral internet discussion and trending political conversations to build trust. - The malware may collect SMS messages, OTPs, contacts, call history, photos, documents and other device information. - The spyware may also monitor background activity and try to access authentication data used for banking and online accounts. - Researchers found requests for SMS access, contact access, storage permissions, camera permissions, call log access and Accessibility Service permissions. - Accessibility permissions can let an app monitor screen activity and interact with device functions in the background. - TraceX Labs says cybercriminals are increasingly abusing those permissions in Android malware campaigns. - The malware uses Telegram-based infrastructure for communication. - Using common messaging infrastructure can make suspicious traffic look like normal app traffic during routine monitoring. - Researchers found references related to India and Reliance Jio in parts of the malware codebase. - Santhosh Kumar, a cybersecurity researcher involved in the investigation, said the fake APK is designed to misuse public interest and viral online discussions. - Kumar also warned users to avoid APK files from unknown sources and remain cautious with apps shared through messaging platforms. - The full threat intelligence report includes malware analysis findings, Android permission analysis, network indicators, reverse engineering observations, YARA detection rules and security recommendations. - TraceX Labs also published a threat report PDF and a web version of the report.

Between the lines: - The campaign shows how attackers are borrowing real-world political topics to create urgency and lower user skepticism. - Messaging apps remain a high-risk distribution channel because users often treat shared files as trusted. - The use of Telegram infrastructure suggests attackers are trying to blend malicious activity into ordinary traffic patterns. - The focus on Accessibility permissions points to a mobile threat model aimed at stealthy surveillance, not just simple data theft.

What’s next: - Android users are being told to install apps only from trusted sources like the Google Play Store. - TraceX Labs recommends keeping Google Play Protect enabled and reviewing app permissions carefully. - Users should avoid granting Accessibility access to unknown applications. - The company also recommends authenticator apps instead of SMS-based OTPs when possible. - Anyone who installed a suspicious APK should uninstall it, review Accessibility permissions, reset passwords from another trusted device and watch important accounts for unusual activity. - TraceX Labs is expected to continue publishing technical findings and security guidance as the campaign evolves.

The bottom line: - A politically themed Android APK is being used as a lure for malware distribution, and the safest response is to avoid sideloaded apps and treat shared APKs as untrusted.