Meet @ChargoisCodie, whose profile pic is the cover of Codie Chargois's 2021 album "Tentatively Muttering", available on Amazon, iHeartRadio, and YouTube. One might infer that this is Codie Chargois's official Twitter account, but things are not as they seem.
The Codie Chargois tracks on YouTube are all covers that have been given different names than the original songs. Two are identical - "Just Around the Way" () and "3h AM" () are the same version of "Ring of Fire". One more thing...
All of the songs allegedly recorded by "Codie Chargois" appear to have actually been recorded by 39 WEST, an Ohio country band (reverbnation.com/39west). Perhaps "Tentatively Plagiarizing" would've been a better album title than "Tentatively Muttering".
As it turns out, @ChargoisCodie is not alone. One of the accounts it follows (@SantosShallcro1) has quite a few followers with "album covers" as profile pics. The remainder have default profile pics and GAN-generated face pics similar to those from thispersondoesnotexist.com.
These accounts are part of a botnet consisting of 344 accounts created within the last four months. Five of the accounts (@ThrunUlani, @AckleyKainin, @alciGareth, @SantosShallcro1, and @ErkerJoscelynn) are followed by the majority of the remainder.
As mentioned earlier, this botnet uses three types of profile pics:
Some but not all of the album covers actually have corresponding albums (at least some of the content of which is plagiarized and renamed) available on music platforms, all published within the last few months. The album names are amazing, though.
As is the case with unmodified GAN-generated face pics, the major facial features (particularly the eyes) are in the exact same spot on each of the 45 profile pics with GAN profile pics. This trait becomes obvious when the images are blended.
What does this network actually tweet? The majority of its content is a mix of repetitive replies to (5205/8287 tweets, 62.8%) and retweets of (2449/8287 tweets, 29.5%) other bots in the network and Kpop accounts.
Power10 retweet automation creator @JasonLSullivan_ has been excitedly promoting his new magainfo(dot)tv video site. This thread is not about that site, however. It is about another site with the same IP address: michaelsolisunus(dot)com.
(Previous thread on the now-defunct Power10 retweet automation software, as well as reporting from Business Insider on the topic) businessinsider.com/power10-activi…
At first glance, michaelsolisunus(dot)com looks like an empty website with placeholder "Home", "About Us", and "Contact Us" sections. What's up with that "Go to App" button in the corner?
Meet @AmaralBailey, a Twitter account created in August 2014 with a default profile pic and zero tweets. In a wacky plot twist, all of @AmaralBailey's followers and followees are also accounts created on August 27th 2014 with default profile pics and no tweets.
These accounts are part of a network of (at least) 2327 accounts with default profile pics and no tweets created on August 27th, 2014. Most have names that are first/last name combos, but there are a few outliers, such as @surprisingKathy, @gunWilliams, and @Clevelandexcite.
(Note: it's possible that this network is actually substantially larger than the 2327 accounts in our dataset. Since the accounts have no content and exploring the network takes a while, we stopped once we found a couple thousand accounts.)
Here's an interesting account: @VishalAParmar, created in May 2021. All but two of its 688 followers were also created in May 2021, over a period of less than 12 hours. #SaturdaySpam
These followers are part of a fake follower botnet created between April 30th and May 29th, 2021. This botnet consists of (at least) 20684 accounts, none of which has ever tweeted. The accounts have random-looking but more or less pronounceable names, usually in all lowercase.
Who does this botnet follow? There's a lot of variety, although most are promotional/commercial accounts of some type. Cryptocurrency/blockchain accounts are a bit of a theme.
We've previously documented that the "Round Year Fun" apps ("My Twitter Family" etc) force you to follow other accounts without your knowledge. Interestingly, the main Round Year Fun website shares an IP address with a website that sells Twitter followers.
The follower sales website in question (realactivefollowers(dot)com) offers a trifecta of shady Twitter-related services: you can buy followers, likes, and even developer accounts (which enables aspiring botmakers to bypass the normal approval process, among other things).
Realactivefollowers(dot)com also offers a free trial of 50 followers. We had @DrunkAlexJones take advantage of this offer with the goal of testing the hypothesis that the followers being sold on this website are unwitting users of the Round Year Fun apps.
It's Tuesday in May, and a blue-check verified Twitter account by the name of @JobySanchez (permanent ID 790029565) is on the market for the exciting and dynamic price of $2000.
The @JobySanchez account appears to have originally belonged to MMA fighter Joby Sanchez. Back in May 2020, it had far more tweets and fewer followers than it does now. The old tweets appear to have been purged - searches return nothing prior to April 18th, 2021.
About half of @JobySanchez's 4463 followers followed it recently (5/1/2021 or later), and we found an interesting difference (that we can't as of yet explain) between its old and new followers: @JobySanchez follows almost all of its recent followers but very few of the old ones.
Meet @HodgesonMaria, @MarcusSabastian, and @AdelmoNowak, a trio of accounts using a similar lineup of automation apps. Their interests include adventure, travelling, incorrect use of capital letters, and stolen profile pics. Also, they have friends.
These accounts are part of a botnet that consists of 40 automated accounts. Most were created in October 2020 or March/April 2021. Ten of them were created back in 2009, but have no visible tweets prior to 2020.
All ten of the accounts with 2009 create dates underwent significant name changes at some point over the past year or so, making it reasonably likely that these accounts were hijacked or purchased.