Report warns that cybercriminals are exploiting Cockroach Janta Party’s popularity to con GenZ


With the rise in popularity of the satirical digital platform Cockroach Janta Party (CJP), cybercriminals are exploiting this viral popularity to trick Android users into downloading fake APK apps from outside the Google Play Store, according to an independent research report prepared by Mumbai-based TraceX Labs, an Indian cybersecurity start-up focused on applied security research.


The 33-page report flagged a fake Android app posing as CJP’s official app as a malware threat capable of hacking devices and stealing personal data.

The report, dated May 22, comprises APK analysis, which found that the app requested access to highly sensitive permissions such as SMS access, contacts, storage, and Android Accessibility permissions, which allow it to read on-screen content. These permissions are commonly abused by Android spyware and banking malware to steal OTPs, monitor user activity, capture credentials, and access personal data. The report concluded that the app has nothing to do with the CJP and is exploiting its popularity among Gen Z users.

The forensic analysis of the cockroach.janta.party APK revealed spyware and Remote Access Trojan (RAT)-like behaviour, including excessive permission requests, abuse of accessibility services, capabilities for OTP theft, and Telegram-based command and control (C2) communication. The link cockroachjantaparty[.]org has been circulated through WhatsApp forwarding chains, Telegram groups, and websites.

The analysis shows that the malware uses a Command-and-Control infrastructure based on the Telegram Bot API. This allows cybercriminals to decrypt legitimate encrypted traffic. It also includes DNS (Domain Name System) queries linked to the rogue domain, data exfiltration of about 34 KB within minutes of execution, and multiple simultaneous HTTPS connections.

The analysis was conducted through reverse engineering and behavioural inspection of the APK sample, along with an analysis of the associated infrastructure and the permissions requested by the application. The study was carried out after the researcher received an APK file named “Cockroach Janta Party.apk” through WhatsApp. Initially, out of curiosity, the researcher decided to install the application and inspect it on an Android device.

“Immediately after installation, the application began requesting a large number of unsafe permissions, including access to SMS messages, contacts, call logs, camera, storage, and most critically, the accessibility service. The excessive permission requests quickly raised suspicion regarding the legitimacy of the application,” said Santhosh Kumar, the researcher from TraceX Labs, which, founded in 2025, develops AI-driven security solutions designed for diverse digital environments and modern cyber threats.

Santhosh and his team performed manual testing, static analysis, runtime analysis, and reverse engineering on the application. To understand the malware’s internal behaviour, the APK was manually inspected and decompiled using APKTool. The AndroidManifest.xml file, application resources, and Smali source code were analysed in detail.

During the analysis of the AndroidManifest.xml file, multiple unsafe permissions and suspicious services were identified. Further reverse engineering of the Smali files revealed several malicious modules, including CallLogs.smali, which is designed to steal call history.
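The manifest review described above can be partly automated. The script below is an added example, not TraceX Labs’ tooling: it parses a decompiled AndroidManifest.xml (as APKTool produces it) and flags the permission categories the report calls out, plus any service bound to the accessibility permission. The manifest text, package name and service name are constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"

# Permissions commonly abused by Android spyware and banking malware
# (SMS/OTP theft, contact and call-log harvesting, storage and camera access).
HIGH_RISK_PERMISSIONS = {
    "android.permission.READ_SMS": "read SMS / OTP theft",
    "android.permission.RECEIVE_SMS": "intercept incoming SMS / OTP theft",
    "android.permission.READ_CONTACTS": "harvest contacts",
    "android.permission.READ_CALL_LOG": "harvest call history",
    "android.permission.READ_EXTERNAL_STORAGE": "read files on storage",
    "android.permission.CAMERA": "camera access",
}
ACCESSIBILITY_PERMISSION = "android.permission.BIND_ACCESSIBILITY_SERVICE"

# Constructed sample manifest (not the real app's manifest) for the demo.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="example.constructed.sample">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="android.permission.READ_CALL_LOG"/>
  <application>
    <service android:name=".ScreenReader"
        android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE">
      <intent-filter>
        <action android:name="android.accessibilityservice.AccessibilityService"/>
      </intent-filter>
    </service>
  </application>
</manifest>"""


def triage_manifest(xml_text):
    """Return the package name, flagged permissions and accessibility services."""
    root = ET.fromstring(xml_text)
    name_attr = "{%s}name" % ANDROID_NS
    perm_attr = "{%s}permission" % ANDROID_NS
    flagged = {}
    for node in root.findall("uses-permission"):
        name = node.get(name_attr, "")
        if name in HIGH_RISK_PERMISSIONS:
            flagged[name] = HIGH_RISK_PERMISSIONS[name]
    # A service guarded by BIND_ACCESSIBILITY_SERVICE can read on-screen content.
    accessibility = [s.get(name_attr, "") for s in root.iter("service")
                     if s.get(perm_attr) == ACCESSIBILITY_PERMISSION]
    return {"package": root.get("package"), "permissions": flagged,
            "accessibility_services": accessibility}
```

Run `triage_manifest(open("AndroidManifest.xml").read())` against an APKTool output directory; a benign app rarely needs more than one or two of these permissions together with an accessibility service.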

Cybersecurity expert N. Ashwin warned that cybercriminals are now exploiting viral trends like the “Cockroach Janta Party” movement to target Gen Z users through social engineering. “The attackers leverage curiosity, meme culture, and politically viral content to lure users into downloading malicious APKs via third-party APK sites.”

The security researcher at TraceX Labs, Kiran Singh Rajpurohit, said, “The analysis shows attackers are increasingly using politically viral content, WhatsApp sharing chains, and Telegram communities as social engineering vectors to distribute malicious Android APKs targeting Indian users. Users should avoid downloading unofficial APK files because attackers may exploit those trends to distribute spyware or banking malware.”

The report also suggests that the founder of CJP, Abhijeet Dipke, issue an awareness message asking supporters to be cautious, clarifying that the app is not run by him and that the organisation is a victim of impersonation.
