Cybercriminals Exploiting Cockroach Janta Party’s Viral Popularity to Target Gen Z, Warns Cybersecurity Report

As the satirical digital movement Cockroach Janta Party (CJP) continues gaining massive traction among India’s Gen Z audience, cybersecurity researchers have warned that threat actors are now exploiting the trend to spread malicious Android applications disguised as official CJP apps.

A detailed 33-page investigative report released by Mumbai-based cybersecurity start-up TraceX Labs revealed the existence of a fake Android APK impersonating the Cockroach Janta Party platform. According to the report, the malicious application is capable of compromising Android devices, stealing sensitive personal information, and enabling remote surveillance activities.

The report, published on May 22, highlights that the APK requested access to highly sensitive permissions including SMS messages, contacts, call logs, storage, camera access, and Android Accessibility Services. Researchers noted that such permissions are commonly abused by spyware, banking malware, and Android Remote Access Trojans (RATs) to intercept OTPs, monitor user activity, steal credentials, and exfiltrate private data.

Investigators concluded that the malicious application has no legitimate connection with the Cockroach Janta Party movement and is instead exploiting its online popularity and meme-driven reach among young users.

According to the forensic findings, the APK demonstrated multiple indicators of spyware and RAT-like behaviour. Researchers identified excessive permission abuse, OTP interception capabilities, accessibility service misuse, and Telegram-based Command-and-Control (C2) communication mechanisms.

The malicious domain cockroachjantaparty[.]org was reportedly distributed through WhatsApp forwarding chains, Telegram groups, and third-party APK download websites.

The report further revealed that the malware infrastructure relied heavily on the Telegram Bot API to manage infected devices and communicate with operators. Researchers also observed suspicious DNS queries, multiple encrypted HTTPS connections, and rapid data exfiltration activity shortly after execution of the APK.

The investigation was initiated after researchers received a file named “Cockroach Janta Party.apk” through WhatsApp. Curious about its authenticity, the team installed and isolated the application inside a controlled Android testing environment for analysis.

“Immediately after installation, the application began requesting an unusually high number of dangerous permissions, including access to SMS, contacts, call logs, storage, and accessibility services. The excessive permission requests quickly raised concerns about the legitimacy of the app,” said Santhosh Kumar, researcher at TraceX Labs.

Founded in 2025, TraceX Labs focuses on AI-driven cybersecurity research and advanced threat intelligence solutions designed to combat evolving digital threats.

To analyse the malware, researchers used a combination of manual testing, runtime analysis, reverse engineering, and static analysis techniques. The APK was decompiled using APKTool, allowing investigators to inspect the AndroidManifest.xml file, application resources, and underlying Smali source code.

During the reverse engineering process, researchers identified multiple suspicious modules, including components designed to extract call history, intercept messages, monitor device activity, and collect sensitive information from infected devices.

Mobile forensics expert Ashib Mansoori of TraceX Labs warned that cybercriminals are increasingly weaponising viral internet trends, meme culture, and politically charged online movements to target younger audiences through social engineering campaigns.

“The attackers are leveraging curiosity, meme culture, and viral political content to trick users into downloading malicious APKs from unofficial sources,” the report stated.

Cybersecurity researcher Kiran Singh Rajpurohit of TraceX Labs added that attackers are now actively using WhatsApp forwarding chains, Telegram communities, and politically viral content as effective social engineering vectors to spread malicious Android applications targeting Indian users.

“Users should avoid downloading APK files from unofficial sources, as attackers frequently exploit trending movements and viral content to distribute spyware, credential stealers, and banking malware,” he said.

The report also recommended that Cockroach Janta Party founder Abhijeet Dipke publicly issue an awareness advisory clarifying that the malicious application is not affiliated with the organisation and urging supporters to avoid downloading unofficial APKs circulating online.