Share this page!

Maybe Scrolly?
Conspirador Norteño Profile picture
Twitter logo
30 May, 7 tweets, 5 min read
Here's an interesting account: @VishalAParmar, created in May 2021. All but two of its 688 followers were also created in May 2021, over a period of less than 12 hours. #SaturdaySpam

cc: @ZellaQuixote
These followers are part of a fake follower botnet created between April 30th and May 29th, 2021. This botnet consists of (at least) 20684 accounts, none of which has ever tweeted. The accounts have random-looking but more or less pronounceable names, usually in all lowercase.
Who does this botnet follow? There's a lot of variety, although most are promotional/commercial accounts of some type. Cryptocurrency/blockchain accounts are a bit of a theme.
Here are follow order by creation date plots for the accounts followed by the largest swathes of the botnet, with the bot followers colored in green. Some of the smaller accounts appear to have almost no genuine followers whatsoever.
Although this botnet has not as of yet posted any tweets of its own, it does like tweets here and there. The majority of the tweets it likes are cryptocurrency tweets, with occasional porn, coupon spam, and a random tweet from the band Chevelle turning up as well.
The accounts in this botnet have repetitive biographies, some of which are used on dozens of accounts (1279 distinct biographies for 20864 accounts, or an average of ~16 accounts with each biography).
As is common with fake follower botnets, the accounts in this network use stolen profile pics. TinEye was generally more effective than Google or Yandex for tracking down other uses of this botnet's pics.

• • •

Missing some Tweet in this thread? You can try to force a refresh
 

Keep Current with Conspirador Norteño

Conspirador Norteño Profile picture

Stay in touch and get notified when new unrolls are available from this author!

Read all threads

This Thread may be Removed Anytime!

PDF

Twitter may remove this content at anytime! Save it as PDF for later use!

Try unrolling a thread yourself!

how to unroll video
  1. Follow @ThreadReaderApp to mention us!

  2. From a Twitter thread mention us with a keyword "unroll"
@threadreaderapp unroll

Practice here first or read more on our help page!

More from @conspirator0

Conspirador Norteño Profile picture
28 May
We've previously documented that the "Round Year Fun" apps ("My Twitter Family" etc) force you to follow other accounts without your knowledge. Interestingly, the main Round Year Fun website shares an IP address with a website that sells Twitter followers.

cc: @ZellaQuixote ImageImage
The follower sales website in question (realactivefollowers(dot)com) offers a trifecta of shady Twitter-related services: you can buy followers, likes, and even developer accounts (which enables aspiring botmakers to bypass the normal approval process, among other things). ImageImageImageImage
Realactivefollowers(dot)com also offers a free trial of 50 followers. We had @DrunkAlexJones take advantage of this offer with the goal of testing the hypothesis that the followers being sold on this website are unwitting users of the Round Year Fun apps. Image
Read 6 tweets
Conspirador Norteño Profile picture
26 May
It's Tuesday in May, and a blue-check verified Twitter account by the name of @JobySanchez (permanent ID 790029565) is on the market for the exciting and dynamic price of $2000.

cc: @ZellaQuixote
The @JobySanchez account appears to have originally belonged to MMA fighter Joby Sanchez. Back in May 2020, it had far more tweets and fewer followers than it does now. The old tweets appear to have been purged - searches return nothing prior to April 18th, 2021.
About half of @JobySanchez's 4463 followers followed it recently (5/1/2021 or later), and we found an interesting difference (that we can't as of yet explain) between its old and new followers: @JobySanchez follows almost all of its recent followers but very few of the old ones.
Read 4 tweets
Conspirador Norteño Profile picture
25 May
Meet @HodgesonMaria, @MarcusSabastian, and @AdelmoNowak, a trio of accounts using a similar lineup of automation apps. Their interests include adventure, travelling, incorrect use of capital letters, and stolen profile pics. Also, they have friends.

cc: @ZellaQuixote ImageImageImageImage
These accounts are part of a botnet that consists of 40 automated accounts. Most were created in October 2020 or March/April 2021. Ten of them were created back in 2009, but have no visible tweets prior to 2020. ImageImage
All ten of the accounts with 2009 create dates underwent significant name changes at some point over the past year or so, making it reasonably likely that these accounts were hijacked or purchased. Image
Read 7 tweets
Conspirador Norteño Profile picture
24 May
The "Round Year Fun" family of malicious Twitter apps ("My Twitter Family", "My Twitter Crush", etc) began using a new domain name (roundyearfun(dot)me) as of May 1st, 2021. Here's a look at the activity since the switch, and once again: DO NOT USE THESE APPS!

cc: @ZellaQuixote
Using any of the Round Year Fun apps will cause your account to follow and mute a specific set of accounts without your knowledge. If you've already attached one or more of these apps to your account, here are instructions on how to revoke access:
We downloaded all available tweets linking to the new Round Year Fun domain, roundyearfun(dot)me, yielding 145599 tweets from 117019 accounts posted via a whopping 870 distinct apps.
Read 7 tweets
Conspirador Norteño Profile picture
22 May
Here's a look at pro-Bolsonaro, pro-Trump follow train hashtag #Bolso22Trump24. (A "follow train" is a tweet listing a bunch of accounts to follow. Generally the listed accounts will follow back anyone who follows them and retweets the train.)

cc: @ZellaQuixote
This hashtag is not the first incarnation of this follower growth operation. Similar follow trains (from many of the same accounts) were tweeted with the hashtag #BolsoTrump2021 until early March 2021, when it was abruptly replaced with #Bolso22Trump24.
We downloaded all available tweets containing #Bolso22Trump24, yielding 96310 tweets from 3920 accounts. Almost all (91148 tweets, 94.6%) are retweets, and the 4144 original tweets containing the hashtag originate with just 60 accounts.
Read 6 tweets
Conspirador Norteño Profile picture
18 May
It's a great day to look at a retweet botnet that uses GAN-generated profile pics and likes cymbals. #ThisCymbalDoesNotExist #MondayShenaniGANs

(GAN = "generative adversarial network", the AI technique used by thispersondoesnotexist.com to generate fake faces)

cc: @ZellaQuixote
This botnet consists of (at least) 1301 accounts created between November 2020 and May 2021. Although most have tweeted dozens of times, none has liked more than two tweets. Thus far, they have (allegedly) sent all of their tweets via the Twitter Web App.
All 1301 accounts in this botnet uses GAN-generated face images as their profile pics, similar to those generated by thispersondoesnotexist.com. Almost all of the bots' profile pics are female.
Read 7 tweets

Did Thread Reader help you today?

Support us! We are indie developers!

This site is made by just two indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3/month or $30/year) and get exclusive features!

Become Premium

Too expensive? Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal Become our Patreon

Thank you for your support!

Follow Us on Twitter!

Like this author's thread?

Get emails when @conspirator0 has new unrolls!

Check out other threads from @conspirator0!

Read all threads by @conspirator0

:(