Beware! Fake 'Cockroach Janta Party' app is malware
What's the story
A fake Android app posing as the official platform of the GenZ political organization 'Cockroach Janta Party' has been flagged as a major malware threat. The 33-page report, released by TraceX Labs' Threat Intelligence Team, warns that the malicious application is a fully functional Remote Access Trojan (RAT). It can infiltrate Android devices, steal sensitive user data, intercept communications and gain extensive control over infected smartphones, all while masquerading as a legitimate app.
Brand impersonation
Malware impersonates legitimate political platform
The report emphasizes that the legitimate 'Cockroach Janta Party' is not associated with this malicious app and has itself become a victim of brand impersonation. It says threat actors are exploiting the organization's name and its popularity among GenZ audiences to encourage installation. The malware, distributed as a file named Cockroach Janta Party.apk of about 5 MB, is spreading via WhatsApp forwarding chains, Telegram groups, and deceptive websites.
Functionality
Once installed, the malware requests elevated permissions to access sensitive data
Once installed on Android devices running versions 8.0 to 14, the malicious app presents a simplified interface designed to avoid suspicion while requesting elevated permissions. These include access to the camera, SMS messages, call logs, contacts and full device control. The most critical component highlighted in the report is abuse of the Android Accessibility Service, which allows the malware to read on-screen content such as OTPs, passwords and banking details, among other things.
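The permission profile described above (SMS, call logs, contacts, camera plus an Accessibility Service) is exactly what a defender can screen for statically before an APK is allowed on a device. The following triage script is an added example, not code from TraceX Labs or from the report: it parses a decoded AndroidManifest.xml, lists the high-risk permissions it requests, detects any declared Accessibility Service, and returns a verdict when several data-theft categories co-occur with accessibility abuse. The manifest, package name and component names in it are constructed for illustration and are not indicators from the report.

```python
"""Static permission triage for a decoded AndroidManifest.xml.

Added example (not from the TraceX Labs report). It flags the RAT-style
profile the report describes: SMS, call log, contact, camera and media
access combined with an Accessibility Service declaration.
"""
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"
NAME_ATTR = f"{{{ANDROID_NS}}}name"
PERMISSION_ATTR = f"{{{ANDROID_NS}}}permission"

# Real Android permission strings, grouped by the data-theft capability
# each one enables. READ_SMS and RECEIVE_SMS map to the same category so
# a single capability is not double-counted.
HIGH_RISK_PERMISSIONS = {
    "android.permission.READ_SMS": "SMS interception",
    "android.permission.RECEIVE_SMS": "SMS interception",
    "android.permission.READ_CALL_LOG": "call log theft",
    "android.permission.READ_CONTACTS": "contact harvesting",
    "android.permission.CAMERA": "camera access",
    "android.permission.READ_EXTERNAL_STORAGE": "media extraction",
    "android.permission.READ_MEDIA_IMAGES": "media extraction",
}
# A service bound with this permission, or filtering on this action, is an
# Accessibility Service and can read on-screen content (OTPs, passwords).
ACCESSIBILITY_BIND = "android.permission.BIND_ACCESSIBILITY_SERVICE"
ACCESSIBILITY_ACTION = "android.accessibilityservice.AccessibilityService"


def triage_manifest(manifest_xml: str) -> dict:
    """Return requested risky permissions, accessibility services and a verdict."""
    root = ET.fromstring(manifest_xml)

    requested = {p.get(NAME_ATTR) for p in root.iter("uses-permission")}
    risky = {perm: HIGH_RISK_PERMISSIONS[perm]
             for perm in sorted(requested) if perm in HIGH_RISK_PERMISSIONS}

    accessibility_services = []
    for svc in root.iter("service"):
        binds = svc.get(PERMISSION_ATTR) == ACCESSIBILITY_BIND
        actions = {a.get(NAME_ATTR) for a in svc.iter("action")}
        if binds or ACCESSIBILITY_ACTION in actions:
            accessibility_services.append(svc.get(NAME_ATTR))

    categories = sorted(set(risky.values()))
    # Verdict: accessibility abuse plus three or more theft categories is
    # the combination the report attributes to the RAT; either alone still
    # deserves a manual look.
    if accessibility_services and len(categories) >= 3:
        verdict = "suspicious"
    elif accessibility_services or categories:
        verdict = "review"
    else:
        verdict = "low"

    return {
        "package": root.get("package"),
        "risky_permissions": risky,
        "categories": categories,
        "accessibility_services": accessibility_services,
        "verdict": verdict,
    }


# Constructed sample manifests (placeholder package names, not real indicators).
SUSPICIOUS_MANIFEST = f"""<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="{ANDROID_NS}" package="com.example.placeholder.app">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <uses-permission android:name="android.permission.READ_CALL_LOG"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="android.permission.CAMERA"/>
  <application>
    <service android:name=".PlaceholderAccessibilityService"
             android:permission="{ACCESSIBILITY_BIND}">
      <intent-filter>
        <action android:name="{ACCESSIBILITY_ACTION}"/>
      </intent-filter>
    </service>
  </application>
</manifest>"""

BENIGN_MANIFEST = f"""<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="{ANDROID_NS}" package="com.example.placeholder.news">
  <uses-permission android:name="android.permission.INTERNET"/>
  <application/>
</manifest>"""


if __name__ == "__main__":
    for label, manifest in (("suspicious", SUSPICIOUS_MANIFEST), ("benign", BENIGN_MANIFEST)):
        result = triage_manifest(manifest)
        print(f"{label}: {result['verdict']} - {result['categories']} "
              f"accessibility={result['accessibility_services']}")
```

A decoded manifest is obtained from an APK with a standard decoder such as apktool; the script deliberately works on the XML text so it can be run offline on a sample already in hand. The category set rather than the raw permission count drives the verdict, so an app that requests both SMS permissions is not scored twice for one capability.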
Technical details
Malicious app features several modules for data exfiltration
Forensic analysis by TraceX Labs shows that the malicious app has several modules for contact harvesting, SMS interception, call log theft, and media extraction. The malware's Command and Control infrastructure is built on the Telegram Bot API, which lets attackers blend malicious traffic with legitimate encrypted traffic. Network analysis confirmed DNS queries linked to the rogue domain and early-stage data exfiltration of about 34 KB within minutes of execution, along with multiple simultaneous HTTPS connections.
User guidance
Users can follow these steps to stay safe
The report calls for immediate action from anyone who may have installed the fake app. It recommends disabling the app's accessibility permissions, then uninstalling it, resetting banking credentials from a separate device, enabling two-factor authentication and running a full mobile security scan with trusted antivirus tools. Users are also advised to download apps solely from official platforms.