Fake ‘Cockroach Janta Party’ app found stealing banking data

Cybersecurity researchers have issued a critical warning over a fake Android application using the name “Cockroach Janta Party”, alleging that the app is actually dangerous malware designed to steal sensitive user data.

According to a security advisory released by TraceX Labs on May 22, the malicious APK file is being circulated through WhatsApp, Telegram groups and a suspicious website impersonating the party’s branding.

Malware disguised as political app

The fake application, titled “Cockroach Janta Party.apk”, reportedly presents itself as a political campaign app after installation.

However, researchers said the app secretly functions as a Remote Access Trojan (RAT), spyware and banking malware targeting Android devices.

The malware allegedly requests dangerous permissions including access to SMS messages, call logs, contacts, camera, storage and Android Accessibility services.

Experts warned that accessibility permissions could allow attackers to read OTPs, passwords, banking details and even perform automated actions on the device.

Researchers warn of banking fraud risk

Reverse engineering of the APK reportedly revealed modules capable of collecting SIM information, SMS messages, gallery files, device details and app activity.

The report also claimed that incoming SMS messages could be forwarded automatically, increasing the risk of banking fraud and unauthorised transactions.

Researchers said the malware uses Telegram Bot API for command-and-control communication, making malicious traffic harder to detect.

The advisory clarified that the legitimate Cockroach Janta Party has no connection to the app and is itself a victim of impersonation.

Users urged to uninstall app immediately

Cybersecurity experts advised users who installed the app to remove it immediately, review accessibility settings and reset banking credentials using another secure device.

Users were also urged to avoid downloading APK files shared through WhatsApp, Telegram or unofficial websites and instead rely only on verified platforms such as the Google Play Store.

The report further recommended monitoring bank accounts for suspicious activity and avoiding SMS-based two-factor authentication temporarily.