Fake “Cockroach Janta Party” Android App Found Stealing OTPs and Banking Data, Security Researchers Warn

Android users in India are being warned about a dangerous spyware campaign linked to a fake mobile application named “Cockroach Janta Party.” Cybersecurity researchers say the malicious app is being spread through WhatsApp, Telegram channels, and unofficial APK download websites to infect smartphones and steal sensitive information.

The warning was issued by TraceX Labs, which recently published a detailed threat analysis about the malware campaign. According to researchers, the fake APK behaves like an advanced Android banking trojan and spyware tool capable of monitoring device activity, capturing OTPs, and collecting private user data in the background.

Security experts have classified the threat as critical due to the malware’s ability to abuse Android accessibility features and silently interact with apps on infected devices.

Malware Campaign Using Viral Trend to Target Android Users

Researchers say attackers are taking advantage of the growing online popularity of the “Cockroach Janta Party” trend to trick users into downloading the fake application.

Instead of using the Google Play Store, the APK is reportedly being shared directly through:

• WhatsApp chats and groups
• Telegram channels
• Third-party APK download sites
• Fake Android app pages
• Social media sharing campaigns

Experts explained that users are often convinced to manually install the APK by enabling Android’s “Install from Unknown Sources” option, which disables important built-in security protections.

Cybersecurity analysts warned that unofficial APK files remain one of the biggest sources of Android malware infections because they bypass Google’s standard app verification systems.

Fake App Requests Dangerous Permissions

After installation, the spyware reportedly asks users for several sensitive Android permissions.

According to the report, the app can request access to:

• SMS messages
• Contacts
• Call logs
• Device storage
• Camera permissions
• Accessibility Services

Researchers say the Accessibility permission is particularly dangerous because it can give malware deep control over a smartphone.

If granted, the spyware may be able to:

• Read OTPs and passwords displayed on screen
• Monitor banking app activity
• Capture sensitive financial information
• Perform actions automatically in the background
• Bypass certain Android security prompts

Security experts noted that many modern Android banking trojans now rely on accessibility abuse because it allows attackers to spy on users without using advanced hacking methods.

Researchers Found Spyware and Banking Malware Features

During technical analysis of the APK, cybersecurity researchers reportedly discovered multiple hidden spyware modules inside the fake application.

According to the investigation, the malware is capable of:

• Intercepting SMS messages
• Forwarding banking OTPs
• Stealing contacts and call history
• Collecting photos and media files
• Monitoring installed applications
• Gathering device information
• Accessing stored documents
• Running surveillance operations silently

The report suggests that the malware may be designed for long-term spying and financial fraud activities.

Researchers also observed suspicious background communication between infected devices and remote servers, indicating active data theft operations.

Telegram Infrastructure Used to Hide Malicious Activity

One of the more concerning findings in the report is the malware’s reported use of Telegram Bot API infrastructure for communication.

Experts explained that attackers can use Telegram-based systems to blend malicious traffic with normal encrypted internet traffic, making the spyware harder to detect through regular network monitoring.

According to the advisory, the malware can potentially steal:

• Banking OTPs
• SMS conversations
• Contacts and call records
• Photos and videos
• Device identifiers
• SIM-related information
• Application activity data

Researchers warned that victims could face banking fraud, account compromise, identity theft, and privacy-related risks if their devices become infected.

Indian Android Users Main Focus of Campaign

The investigation indicates that Indian Android users are the primary target of the spyware campaign. Researchers reportedly found references connected to Indian telecom services within the malware code, suggesting a focused targeting strategy.

The spyware is believed to affect Android devices running Android 8 through Android 14 and mainly spreads through side-loaded APK installations outside official app marketplaces.

How Users Can Protect Their Android Devices

Cybersecurity experts recommend following basic mobile security practices to reduce the risk of infection.

Recommended safety steps include:

• Download apps only from trusted sources like the Google Play Store
• Avoid APK files shared through WhatsApp or Telegram
• Keep Google Play Protect enabled
• Review app permissions carefully before installation
• Never allow Accessibility access to unknown applications
• Use authenticator apps instead of SMS-based OTPs whenever possible

Users who think they may have installed the fake app are advised to remove it immediately, revoke Accessibility permissions, change important passwords from another trusted device, and monitor bank accounts for suspicious activity.

Researchers say spyware campaigns targeting Android users are becoming more advanced as attackers increasingly combine social engineering, fake APK distribution, and trending online topics to spread malware quickly.

Source- https://tracexlabs.com/reports/cockroach-janta-party-malware-threat-report-2026.html