Indian cybersecurity company TraceX Labs has issued a public security advisory regarding a dangerous Android spyware campaign linked to a fake “Cockroach Janta Party” mobile application. Researchers say the malicious APK is being circulated through messaging apps and unofficial download platforms to infect Android smartphones and steal sensitive user data.
According to the threat intelligence report, the fake app functions as a powerful Android Remote Access Trojan (RAT) and spyware capable of monitoring device activity, intercepting OTPs, stealing contacts and SMS messages, and accessing personal files stored on infected devices.
Cybersecurity analysts classified the threat severity as “CRITICAL” due to the malware’s advanced surveillance functionality and misuse of Android Accessibility Services.
Spyware Campaign Distributed Through WhatsApp and Telegram
The investigation by TraceX Labs found that the fake APK is primarily spreading through:
- WhatsApp APK sharing
- Telegram groups and channels
- Fake Android app download pages
- Third-party APK hosting websites
- Social engineering campaigns targeting Android users
Researchers explained that attackers are exploiting politically themed branding and trending online discussions to gain the trust of users and convince them to manually install the APK outside official app stores.
Since the application is not available on the Google Play Store, victims are required to enable Android’s “Install from Unknown Sources” setting, bypassing standard security protections provided by Google Play Protect.
The report warns that unofficial APK installations shared through messaging platforms remain one of the most common infection methods used in Android malware campaigns.
Malware Requests Multiple High-Risk Android Permissions
One of the key concerns highlighted in the advisory is the extensive list of dangerous permissions requested by the application after installation.
According to researchers, the fake “Cockroach Janta Party” app requests access to:
- SMS messages
- Contacts
- Call logs
- Camera
- Device storage
- Android Accessibility Services
Security experts warned that granting these permissions can provide attackers with broad access to sensitive information stored on the device.
TraceX Labs specifically identified Android Accessibility Services abuse as one of the malware’s most dangerous features. If enabled, the spyware can reportedly:
- Read on-screen content including OTPs and passwords
- Capture sensitive banking information
- Perform automated taps and gestures
- Interact with apps silently in the background
- Bypass Android security warnings
Researchers noted that accessibility abuse has become increasingly common in Android banking trojans and spyware operations because it allows attackers to monitor and manipulate user activity without relying on sophisticated exploits.
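The permission pattern described above can be checked before an APK is ever installed. The following is an added triage example, not code from TraceX Labs or the advisory: it reads a decoded `AndroidManifest.xml` (for instance, as produced by a decompilation tool) and reports which of the listed data categories the app requests and whether it declares an accessibility service. The permission-to-category mapping, the verdict thresholds, and the sample manifest with its placeholder package name are assumptions of this example.

```python
import xml.etree.ElementTree as ET

A = "{http://schemas.android.com/apk/res/android}"
P = "android.permission."
# Advisory category -> permissions that grant it (mapping is this example's assumption).
RISK_MAP = {
    "SMS messages": {P + "READ_SMS", P + "RECEIVE_SMS", P + "SEND_SMS"},
    "Contacts": {P + "READ_CONTACTS"},
    "Call logs": {P + "READ_CALL_LOG"},
    "Camera": {P + "CAMERA"},
    "Device storage": {P + "READ_EXTERNAL_STORAGE", P + "WRITE_EXTERNAL_STORAGE",
                       P + "MANAGE_EXTERNAL_STORAGE"},
}
BIND_A11Y = P + "BIND_ACCESSIBILITY_SERVICE"

def triage_manifest(manifest_xml):
    """Flag the permission set the advisory describes in a decoded manifest."""
    root = ET.fromstring(manifest_xml.strip())
    requested = {e.get(A + "name")
                 for tag in ("uses-permission", "uses-permission-sdk-23")
                 for e in root.iter(tag)}
    categories = sorted(c for c, perms in RISK_MAP.items() if perms & requested)
    # An accessibility service is a <service> guarded by BIND_ACCESSIBILITY_SERVICE.
    a11y = [s.get(A + "name") for s in root.iter("service")
            if s.get(A + "permission") == BIND_A11Y]
    if a11y and "SMS messages" in categories:
        verdict = "high"      # screen reading plus SMS access: OTP interception risk
    elif a11y or len(categories) >= 3:
        verdict = "review"
    else:
        verdict = "low"
    return {"package": root.get("package"), "categories": categories,
            "accessibility_services": a11y, "verdict": verdict}

# Constructed sample manifest (placeholder package name, not taken from the advisory).
SAMPLE_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.placeholder">
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="android.permission.READ_CALL_LOG"/>
  <uses-permission android:name="android.permission.CAMERA"/>
  <uses-permission android:name="android.permission.READ_EXTERNAL_STORAGE"/>
  <application>
    <service android:name=".CoreService"
             android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE"/>
  </application>
</manifest>
"""

if __name__ == "__main__":
    print(triage_manifest(SAMPLE_MANIFEST))
```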
Reverse Engineering Exposes Advanced Surveillance Features
TraceX Labs conducted an in-depth reverse engineering analysis of the APK using Android malware decompilation and behavioral analysis tools.
The investigation reportedly uncovered several embedded spyware modules capable of:
- SMS interception and OTP forwarding
- Contact and call history theft
- Device fingerprinting
- Photo and gallery theft
- File collection from internal storage
- Process and network activity monitoring
- Continuous background surveillance
Researchers stated that the malware appears specifically designed for long-term spying operations, credential theft, and financial fraud activities.
The report also revealed that the spyware continuously communicates with remote infrastructure while masking malicious traffic inside normal encrypted internet activity, making detection significantly harder during routine monitoring.
Data Theft Capabilities Raise Major Privacy Concerns
During network traffic analysis, researchers observed the malware actively exfiltrating information from infected devices.
According to the advisory, the spyware can steal:
- SMS messages and banking OTPs
- Contacts and call history
- Photos and media files
- Stored documents
- SIM-related information
- Device identifiers
- Running application data
Cybersecurity experts warned that infected users could face identity theft, unauthorized banking transactions, social media account compromise, and broader privacy risks.
TraceX Labs Advises Users to Avoid APK Downloads
The cybersecurity company urged Android users to follow safe mobile security practices, including:
- Install applications only from trusted app stores
- Avoid APK files shared via WhatsApp or Telegram
- Keep Google Play Protect enabled
- Review app permissions carefully
- Never enable Accessibility permissions for unknown apps
Users who suspect infection are advised to immediately uninstall suspicious applications, revoke Accessibility permissions, reset passwords using another trusted device, and monitor financial accounts for unusual activity.
Researchers emphasized that Android spyware campaigns are becoming increasingly sophisticated as attackers combine social engineering, unofficial APK distribution, and accessibility abuse techniques to target users at scale.
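The post-infection checks advised above (finding suspicious apps and revoking Accessibility permissions) can be supported with an on-device audit. This is an added example, not part of the TraceX Labs advisory: it takes the text output of `adb shell pm list packages -3 -i` and `adb shell settings get secure enabled_accessibility_services` and lists third-party apps that hold an enabled accessibility service but were not installed by a trusted store. The trusted-installer set and the sample outputs in the test data are assumptions constructed for illustration.

```python
TRUSTED_INSTALLERS = {"com.android.vending"}  # Google Play; extend for a managed store

def parse_installers(pm_output):
    """Map package -> installer from 'package:<pkg>  installer=<src>' lines."""
    installers = {}
    for line in pm_output.splitlines():
        fields = line.strip().split()
        if not fields or not fields[0].startswith("package:"):
            continue
        source = next((f.split("=", 1)[1] for f in fields[1:]
                       if f.startswith("installer=")), "null")
        installers[fields[0][len("package:"):]] = None if source == "null" else source
    return installers

def parse_enabled_services(setting_value):
    """Split the colon-separated 'pkg/service' list; an unset value reads 'null'."""
    value = setting_value.strip()
    return [] if value in ("", "null") else [c for c in value.split(":") if c]

def audit_accessibility(pm_output, setting_value):
    """Return (package, component, installer) for sideloaded apps holding Accessibility."""
    installers = parse_installers(pm_output)
    findings = []
    for component in parse_enabled_services(setting_value):
        package = component.split("/", 1)[0]
        if package not in installers:
            continue  # not in the third-party list (system or preinstalled app)
        if installers[package] not in TRUSTED_INSTALLERS:
            findings.append((package, component, installers[package]))
    return findings

# Constructed sample outputs (placeholder package names).
SAMPLE_PM = """package:com.example.placeholder  installer=null
package:com.example.reader  installer=com.android.vending
"""
SAMPLE_A11Y = ("com.example.placeholder/.CoreService:"
               "com.example.reader/com.example.reader.ReadAloud:"
               "com.example.system/.ScreenReader")

if __name__ == "__main__":
    for pkg, comp, src in audit_accessibility(SAMPLE_PM, SAMPLE_A11Y):
        print(f"{pkg}: accessibility service {comp} enabled, installer={src}")
```

Any package reported here is a candidate for revoking Accessibility access and uninstalling; apps installed through a legitimate enterprise store will also appear until that store is added to the trusted set.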
