Share this page!

Conspirador Norteño Profile picture
Twitter logo
4 Jan, 5 tweets, 4 min read
This botnet would like to give you a manual and support and help you to install and run "EA FX ROBOT", which is (allegedly) not difficult. #SpamTastic #WeHeardYouLikeBotsSoWePutABotInYourBot

cc: @ZellaQuixote Image
We found a network of 23 accounts promoting something called "EA FX ROBOT", created between October 2016 and March 2017. These accounts are automated, sending all of their tweets via a scheduling app called "Dynamic Tweets". Most of them operate on very similar schedules. ImageImageImage
Hopefully you didn't get your hopes up about installing and running "EA FX ROBOT", because the associated website (eafxrobot(dot)com, the only site linked by the botnet) is no longer online and has been replaced with a generic landing page. The botnet soldiers on, though. ImageImageImage
This botnet is very repetitive, with many tweets repeated across multiple accounts. Most tweets promote "EA FX ROBOT", despite the product in question apparently no longer being available for download. Image
Unsurprisingly the bots in this botnet (at least those with photos of people as profile pics) use stolen profile pics. Based on TinEye search results, most of them likely originated with Getty Images. Image

• • •

Missing some Tweet in this thread? You can try to force a refresh
 

Keep Current with Conspirador Norteño

Conspirador Norteño Profile picture

Stay in touch and get notified when new unrolls are available from this author!

Read all threads

This Thread may be Removed Anytime!

PDF

Twitter may remove this content at anytime! Save it as PDF for later use!

Try unrolling a thread yourself!

how to unroll video
  1. Follow @ThreadReaderApp to mention us!

  2. From a Twitter thread mention us with a keyword "unroll"
@threadreaderapp unroll

Practice here first or read more on our help page!

More from @conspirator0

Conspirador Norteño Profile picture
2 Jan
Are you looking for cleaning services in Riyadh? Don't worry, there's a botnet for that. #SaturdaySpam

cc: @ZellaQuixote
This botnet consists of 50 Arabic-language accounts, all created between December 18th, 2020 and January 1st, 2021. These accounts tend to all activate simultaneously and all (allegedly) tweet via the Twitter Web App.
The accounts in this botnet follow other members of the botnet, and most of them follow several. The follow relationships are somewhat structured by account creation date, with the December 22nd and 23rd batches having the most follows from other bots in the network.
Read 4 tweets
Conspirador Norteño Profile picture
1 Jan
To close out 2020, we had @DrunkAlexJones tweet #HappyNewYear botbait tweets in various time zones, accompanied by music from artists associated with said time zones. (We largely missed the Eastern hemisphere because we started too late in the day.)

cc: @ZellaQuixote
Here's a chart showing how much amplification, both from automated and organic accounts. "Astro-Atlantic Hypnotica from the Cape Verde Islands" was the most-retweeted video, with 15 automated and 18 total retweets.
The @DrunkAlexJones #HappyNewYear botbait tweets were retweeted by a total of 48 different automated accounts. The most frequent flier was @BlazedRTs, which retweeted all 6 tweets it was tagged in. (Some of the tag-for-retweet bots were less reliable.)
Read 6 tweets
Conspirador Norteño Profile picture
30 Dec 20
If you're looking for a "news feed" account whose website consists entirely of news stories harvested from other websites (many of them less than reliable themselves), then @1BUV_News just might be right up your alley.

cc: @ZellaQuixote
Where does the content on 1buv(dot)com, the website promoted by @1BUV_News come from? The present lineup includes 20 different websites, the most common being Sputnik, Breitbart, and ZeroHedge. Antivax/conspiracy site Natural News is another interesting inclusion.
The majority of @1BUV_News's content is automated, posted round-the-clock by a custom app with no name. (We've seen a few bots that post via nameless apps before, but without a visible name, it's hard to tell if they're the *same* no-name automation app.)
Read 4 tweets
Conspirador Norteño Profile picture
29 Dec 20
GAN-generated profile pics (such as those produced by thispersondoesnotexist.com) have become quite popular among botnets promoting cryptocurrency blogs/websites. Here's a look at one such botnet that was mostly made just before Christmas. #HolidayShenaniGANs

cc: @ZellaQuixote
We found a group of 12 accounts with GAN-generated profile pics linking cryptocurrency-themed websites and blog posts. All but one of these accounts was created between December 22nd and 25th, 2020.
Here are the profile pics of all 12 bots in the network. When overlaid, one can see that the major facial features (particularly the eyes) are in the same location on each image. The images contain other artifacts too: the metallic droplet on @SwiftAlene's forehead, for example.
Read 7 tweets
Conspirador Norteño Profile picture
29 Dec 20
It's a great day to look at a network of old fake follower bots with randomly generated biographies. #MondayMotivation

cc: @ZellaQuixote Image
This botnet is made up of 241 accounts, created in batches between February 28th and March 3rd, 2011. All have names consisting of a first and last name followed by 2 or 4 digits, follow similar numbers of accounts, and have never liked a tweet. ImageImageImageImage
The accounts in this botnet don't just follow similar numbers of accounts - they follow a lot of the same accounts, with 543 accounts followed by all 241 members of the network. The accounts they follow are mostly promotional accounts, many of which followed the bots back. ImageImageImage
Read 4 tweets
Conspirador Norteño Profile picture
27 Dec 20
It's a day that ends in "Y", and a posse of pornbots is prolifically posting tweets advertising a group of websites, with the novel twist that the websites are included in images rather than linked directly from their tweets. #SundaySpam

cc: @ZellaQuixote
These bots were created in batches, and their image tweets contain hashtags and were (allegedly) sent via the Twitter Web App. We found 2147 batch-created accounts that fit this pattern, but how do we eliminate the ones without website names emblazoned on their image tweets?
Answer: we used OCR (optical character recognition), specifically the pytessaract library. It couldn't make much sense of the raw images, which use gray text on colored backgrounds, but tweaking the brightness/contrast on grayscale negatives resulted in machine-readable text.
Read 6 tweets

Did Thread Reader help you today?

Support us! We are indie developers!

This site is made by just two indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3/month or $30/year) and get exclusive features!

Become Premium

Too expensive? Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal Become our Patreon

Thank you for your support!

Follow Us on Twitter!

Like this author's thread?

Get emails when @conspirator0 has new unrolls!

Check out other threads from @conspirator0!

Read all threads by @conspirator0