Report warns that cybercriminals are exploiting Cockroach Janta Party’s popularity to con GenZ

With the rise in popularity of satirical digital platform Cockroach Janta Party (CJP), cybercriminals are taking advantage of this viral popularity to trick Android users into downloading fake APK apps from outside the Google Play Store, according to an independent research report by Mumbai-based TraceX Labs, an Indian cybersecurity start-up focusing on applied security research.

Opinion | Commenting on the ‘rise’ of the Cockroach Janta Party

The 33-page report flagged a fake Android app masquerading as CJP’s official app as a malware threat that could hack devices and steal user data.

The report, dated May 22, includes APK analysis that found that the request was made for access to highly sensitive permissions such as SMS access, contacts, storage, and Android Accessibility permissions that help read content on the screen. These permissions are often abused by Android spyware and banking malware to steal OTPs, track user activity, capture credentials, and access personal data. The report concluded that the app had nothing to do with CJP and exploited its popularity among Gen Z users.

Forensic analysis of the Cockroach.janta.party APK revealed spyware and Remote Access Trojan (RAT)-like behavior, including excessive permission requests, abuse of accessibility services, OTP hijacking capabilities, and Telegram-based command and control (C2) communication. Link cockroachjantaparty[.]org, WhatsApp referral chains, Telegram groups and websites.

Analysis shows that the malware contains a Command and Control infrastructure based on the Telegram Bot API. This allows cybercriminals to decrypt legitimate encrypted traffic. It also includes spoofed domain-bound DNS (Domain Name System) queries, data leakage of approximately 34 KB within minutes of execution, and multiple simultaneous HTTPS connections.

The analysis was performed through reverse engineering and behavioral review of the APK sample, as well as analysis of the relevant infrastructure and permissions requested by the application. The research was carried out after the researcher received the APK file named “Cockroach Janta Party.apk” via WhatsApp. Initially, out of curiosity, the researcher decided to install the app on an Android device and examine it.

Founded in 2025, TraceX Labs develops AI-powered security solutions designed for various digital environments and modern cyber threats, said Santhosh Kumar, a researcher at TraceX Labs, “Immediately after installation, the app started requesting numerous dangerous permissions, including access to SMS messages, contacts, call logs, camera, storage, and most importantly, the accessibility service. Excessive permission requests quickly raised doubts about the legitimacy of the app,” said Santhosh Kumar, a researcher at TraceX Labs, founded in 2025.

Santosh and his team utilized manual testing, static analysis, runtime analysis and reverse engineering performed on the application. To understand the internal behavior of the malware, the APK was manually examined and decompiled using APKTool. The AndroidManifest.xml file, application resources and Smali source code were analyzed in detail.

During analysis of the AndroidManifest.xml file, multiple dangerous permissions and suspicious services were detected. Reverse engineering of smali files revealed several malicious modules, including CallLogs.smali designed to steal call history.

Cybersecurity expert N. Ashwin warned that cybercriminals are now leveraging viral trends such as the “Cockroach Janta Party” movement to target Gen Z users through social engineering. “Attackers are leveraging curiosity, meme culture, and politically viral content to encourage users to download malicious APKs via third-party APK sites.”

Kiran Singh Rajpurohit, Security Researcher at TraceX Labs, said: “Analysis shows that attackers are increasingly using political viral content, WhatsApp share chains and Telegram communities as social engineering vectors to distribute malicious Android APKs targeting Indian users. Users should avoid downloading unofficial APK files as attackers may exploit these trends to distribute spyware or banking malware.”

The report also claims that CJP founder Abhijeet Dipke issued an awareness message to supporters to be careful and clarified that the app was not run by him and that the organization was a victim of impersonation.

It was published – 30 May 2026 11:44 IST