Here's an interesting account: @VishalAParmar, created in May 2021. All but two of its 688 followers were also created in May 2021, over a period of less than 12 hours. #SaturdaySpam
These followers are part of a fake follower botnet created between April 30th and May 29th, 2021. This botnet consists of (at least) 20684 accounts, none of which has ever tweeted. The accounts have random-looking but more or less pronounceable names, usually in all lowercase.
Who does this botnet follow? There's a lot of variety, although most are promotional/commercial accounts of some type. Cryptocurrency/blockchain accounts are a bit of a theme.
Here are follow order by creation date plots for the accounts followed by the largest swathes of the botnet, with the bot followers colored in green. Some of the smaller accounts appear to have almost no genuine followers whatsoever.
Although this botnet has not as of yet posted any tweets of its own, it does like tweets here and there. The majority of the tweets it likes are cryptocurrency tweets, with occasional porn, coupon spam, and a random tweet from the band Chevelle turning up as well.
The accounts in this botnet have repetitive biographies, some of which are used on dozens of accounts (1279 distinct biographies for 20864 accounts, or an average of ~16 accounts with each biography).
As is common with fake follower botnets, the accounts in this network use stolen profile pics. TinEye was generally more effective than Google or Yandex for tracking down other uses of this botnet's pics.
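The two signals described in this thread, follower accounts created inside one narrow time window and a small pool of biographies reused across them, can be measured as below. This is an added example, not the thread author's tooling; the record layout, function names and sample followers are constructed for illustration, and the 12-hour window is taken from the observation above.

```python
from collections import Counter
from datetime import datetime, timedelta

def densest_window(created, window=timedelta(hours=12)):
    """Return (count, first, last) for the largest group of creation
    times that fits inside a single window of the given length."""
    times = sorted(created)
    best, lo = (0, None, None), 0
    for hi, t in enumerate(times):
        while t - times[lo] > window:      # shrink until the span fits
            lo += 1
        if hi - lo + 1 > best[0]:
            best = (hi - lo + 1, times[lo], t)
    return best

def bio_reuse(bios):
    """Return (distinct biographies, mean accounts per biography)."""
    counts = Counter(b.strip().lower() for b in bios if b.strip())
    if not counts:
        return 0, 0.0
    return len(counts), sum(counts.values()) / len(counts)

def sample_followers():
    """Constructed data: 2 older accounts plus 10 created 40 minutes apart."""
    rows = [("olduser1", datetime(2015, 3, 2, 9, 0), "Dad, runner, coffee"),
            ("olduser2", datetime(2019, 11, 20, 18, 30), "Photos of birds")]
    stock_bios = ["Love to travel", "Crypto enthusiast", "Music is life"]
    start = datetime(2021, 5, 10, 3, 0)
    for i in range(10):
        rows.append((f"batch{i}", start + timedelta(minutes=40 * i),
                     stock_bios[i % 3]))
    return rows

def summarize(followers):
    """Report the creation-time cluster and biography reuse inside it."""
    n, first, last = densest_window([c for _, c, _ in followers])
    if n == 0:                             # no followers supplied
        return {"followers": 0, "in_window": 0}
    in_batch = [b for _, c, b in followers if first <= c <= last]
    distinct, per_bio = bio_reuse(in_batch)
    return {"followers": len(followers), "in_window": n,
            "span_hours": (last - first).total_seconds() / 3600,
            "distinct_bios": distinct, "accounts_per_bio": per_bio}

if __name__ == "__main__":
    print(summarize(sample_followers()))
```

A follower list where nearly every account falls in the densest window, and where that group shares a handful of biographies, matches the pattern described for this botnet.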
We've previously documented that the "Round Year Fun" apps ("My Twitter Family" etc) force you to follow other accounts without your knowledge. Interestingly, the main Round Year Fun website shares an IP address with a website that sells Twitter followers.
The follower sales website in question (realactivefollowers(dot)com) offers a trifecta of shady Twitter-related services: you can buy followers, likes, and even developer accounts (which enables aspiring botmakers to bypass the normal approval process, among other things).
Realactivefollowers(dot)com also offers a free trial of 50 followers. We had @DrunkAlexJones take advantage of this offer with the goal of testing the hypothesis that the followers being sold on this website are unwitting users of the Round Year Fun apps.
It's Tuesday in May, and a blue-check verified Twitter account by the name of @JobySanchez (permanent ID 790029565) is on the market for the exciting and dynamic price of $2000.
The @JobySanchez account appears to have originally belonged to MMA fighter Joby Sanchez. Back in May 2020, it had far more tweets and fewer followers than it does now. The old tweets appear to have been purged - searches return nothing prior to April 18th, 2021.
About half of @JobySanchez's 4463 followers followed it recently (5/1/2021 or later), and we found an interesting difference (that we can't as of yet explain) between its old and new followers: @JobySanchez follows almost all of its recent followers but very few of the old ones.
Meet @HodgesonMaria, @MarcusSabastian, and @AdelmoNowak, a trio of accounts using a similar lineup of automation apps. Their interests include adventure, travelling, incorrect use of capital letters, and stolen profile pics. Also, they have friends.
These accounts are part of a botnet that consists of 40 automated accounts. Most were created in October 2020 or March/April 2021. Ten of them were created back in 2009, but have no visible tweets prior to 2020.
All ten of the accounts with 2009 create dates underwent significant name changes at some point over the past year or so, making it reasonably likely that these accounts were hijacked or purchased.
The "Round Year Fun" family of malicious Twitter apps ("My Twitter Family", "My Twitter Crush", etc) began using a new domain name (roundyearfun(dot)me) as of May 1st, 2021. Here's a look at the activity since the switch, and once again: DO NOT USE THESE APPS!
Using any of the Round Year Fun apps will cause your account to follow and mute a specific set of accounts without your knowledge. If you've already attached one or more of these apps to your account, here are instructions on how to revoke access:
We downloaded all available tweets linking to the new Round Year Fun domain, roundyearfun(dot)me, yielding 145599 tweets from 117019 accounts posted via a whopping 870 distinct apps.
Here's a look at pro-Bolsonaro, pro-Trump follow train hashtag #Bolso22Trump24. (A "follow train" is a tweet listing a bunch of accounts to follow. Generally the listed accounts will follow back anyone who follows them and retweets the train.)
This hashtag is not the first incarnation of this follower growth operation. Similar follow trains (from many of the same accounts) were tweeted with the hashtag #BolsoTrump2021 until early March 2021, when it was abruptly replaced with #Bolso22Trump24.
We downloaded all available tweets containing #Bolso22Trump24, yielding 96310 tweets from 3920 accounts. Almost all (91148 tweets, 94.6%) are retweets, and the 4144 original tweets containing the hashtag originate with just 60 accounts.
This botnet consists of (at least) 1301 accounts created between November 2020 and May 2021. Although most have tweeted dozens of times, none has liked more than two tweets. Thus far, they have (allegedly) sent all of their tweets via the Twitter Web App.
All 1301 accounts in this botnet use GAN-generated face images as their profile pics, similar to those generated by thispersondoesnotexist.com. Almost all of the bots' profile pics are female.