TraceX Labs Detects Dangerous “Cockroach Janta Party” Android Spyware Campaign

TraceX Labs has issued a public security advisory warning Android users about a dangerous spyware campaign involving a fake "Cockroach Janta Party" mobile application. According to the cybersecurity researchers, the malicious APK is being distributed through messaging apps and unofficial download sources in an attempt to infect Android devices and steal sensitive user information.

The report describes the application as a sophisticated Android Remote Access Trojan (RAT) and spyware capable of intercepting OTPs, monitoring device activity, stealing contacts and messages, and accessing personal files stored on infected smartphones. Researchers classified the threat level as CRITICAL because of the malware's advanced surveillance capabilities and abuse of Android accessibility features.

Malware Spreading Through Messaging Platforms

According to the investigation, the fake APK is actively spreading through WhatsApp file sharing, Telegram groups, fake APK download pages, and third-party Android app websites.

Researchers explained that attackers are using social engineering tactics and politically themed branding to convince users to manually install the malicious APK. Since the application is distributed outside official app stores, victims are often required to enable "Install from Unknown Sources," bypassing Android's default security protections.

TraceX Labs warned that APK files shared through messaging apps remain one of the most common infection methods used in Android spyware campaigns.

Dangerous Permissions Raise Serious Security Concerns

The security advisory highlights the extensive list of permissions requested by the malware once installed on an Android device.

The application reportedly requests access to:

  • SMS messages
  • Contacts
  • Call logs
  • Camera
  • Device storage
  • Accessibility services

Researchers say granting these permissions could provide attackers with broad access to sensitive user data and device activity.

TraceX Labs specifically identified abuse of Android Accessibility Services as one of the malware's most dangerous features. If enabled, the spyware may gain the ability to read on-screen content, capture OTPs and passwords, perform automated clicks, interact with apps silently, and bypass Android security warnings.

According to cybersecurity experts, accessibility abuse has become increasingly common among Android banking trojans and spyware because it allows attackers to monitor and manipulate user activity without requiring sophisticated exploits.
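For triage of a suspicious APK, the permission profile described above can be checked against a decoded AndroidManifest.xml. The following is an added example, not code from the TraceX Labs report: the mapping from the advisory's categories to Android permission names is an assumption (the advisory lists categories only), and the sample manifest is constructed.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
# Assumed mapping of the advisory's categories to Android permission names.
RISKY = {
    "sms": {"android.permission.READ_SMS", "android.permission.RECEIVE_SMS"},
    "contacts": {"android.permission.READ_CONTACTS"},
    "call_logs": {"android.permission.READ_CALL_LOG"},
    "camera": {"android.permission.CAMERA"},
    "storage": {"android.permission.READ_EXTERNAL_STORAGE",
                "android.permission.MANAGE_EXTERNAL_STORAGE"},
}
A11Y_BIND = "android.permission.BIND_ACCESSIBILITY_SERVICE"
A11Y_ACTION = "android.accessibilityservice.AccessibilityService"

def audit_manifest(xml_text):
    """Return the sorted risk groups a decoded AndroidManifest.xml asks for."""
    root = ET.fromstring(xml_text)
    requested = {el.get(ANDROID_NS + "name")
                 for tag in ("uses-permission", "uses-permission-sdk-23")
                 for el in root.iter(tag)}
    found = {group for group, perms in RISKY.items() if perms & requested}
    # Accessibility is not a uses-permission entry: it is a <service> guarded
    # by BIND_ACCESSIBILITY_SERVICE or carrying the AccessibilityService action.
    for svc in root.iter("service"):
        actions = {a.get(ANDROID_NS + "name") for a in svc.iter("action")}
        if svc.get(ANDROID_NS + "permission") == A11Y_BIND or A11Y_ACTION in actions:
            found.add("accessibility")
    return sorted(found)

def is_high_risk(groups):
    """Flag an accessibility service combined with SMS access (OTP exposure)."""
    return "accessibility" in groups and "sms" in groups

# Constructed sample manifest (hypothetical package, not from the advisory).
SAMPLE = """<manifest xmlns:android="http://schemas.android.com/apk/res/android">
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="android.permission.READ_CALL_LOG"/>
  <uses-permission android:name="android.permission.CAMERA"/>
  <uses-permission android:name="android.permission.READ_EXTERNAL_STORAGE"/>
  <application><service android:name=".ConstructedService"
      android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE">
    <intent-filter><action android:name="android.accessibilityservice.AccessibilityService"/></intent-filter>
  </service></application>
</manifest>"""

if __name__ == "__main__":
    groups = audit_manifest(SAMPLE)
    print(groups, "HIGH RISK" if is_high_risk(groups) else "review")
```

The input is the text manifest produced by a decoder such as apktool; the binary XML inside an APK must be decoded first.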

Reverse Engineering Reveals Spyware Functionality

TraceX Labs conducted a detailed reverse engineering analysis of the APK using Android malware analysis and decompilation tools.

The analysis uncovered multiple spyware-related modules embedded inside the application, including capabilities for:

  • SMS interception and OTP forwarding
  • Contact theft
  • Call history extraction
  • Device fingerprinting
  • Gallery and photo theft
  • File collection from storage
  • Process and application monitoring
  • Background surveillance operations

Researchers noted that the malware appears specifically designed for long-term surveillance, credential theft, and financial fraud activities.

The report also revealed that the spyware continuously communicates with remote infrastructure while blending malicious traffic with legitimate encrypted internet activity, making detection more difficult during normal network monitoring.

Data Theft and Surveillance Risks

During network and behavioral analysis, researchers observed the malware actively transmitting data from infected devices. According to the advisory, the spyware can exfiltrate SMS messages, OTPs, contacts, call logs, device identifiers, photos, media files, and stored documents.

TraceX Labs warned that the malware's capabilities could expose victims to identity theft, banking fraud, unauthorized account access, and major privacy violations.

Security Recommendations for Android Users

The cybersecurity firm advised users to install applications only from trusted app stores, avoid APK files shared through WhatsApp or Telegram, carefully review app permissions, and never grant accessibility permissions to unknown applications.

Users who suspect infection are advised to immediately uninstall suspicious apps, revoke accessibility access, reset passwords from another trusted device, and monitor banking activity for unauthorized transactions.

Researchers emphasized that public awareness and safe mobile security practices remain essential as Android spyware campaigns continue evolving through social engineering and unofficial APK distribution channels.

View Full Report: Threat Intelligence Report: Fake "Cockroach Janta Party"