#FactCheck - Debunked: AI-Generated Image Circulating as April Solar Eclipse Snapshot
Executive Summary:
A picture about the April 8 solar eclipse, which was authored by AI and was not a real picture of the astronomical event, has been spreading on social media. Despite all the claims of the authenticity of the image, the CyberPeace’s analysis showed that the image was made using Artificial Intelligence image-creation algorithms. The total solar eclipse on April 8 was observable only in those places on the North American continent that were located in the path of totality, whereas a partial visibility in other places was possible. NASA made the eclipse live broadcast for people who were out of the totality path. The spread of false information about rare celestial occurrences, among others, necessitates relying on trustworthy sources like NASA for correct information.
Claims:
An image making the rounds through social networks, looks like the eclipse of the sun of the 8th of April, which makes it look like a real photograph.
Fact Check:
After receiving the news, the first thing we did was to try with Keyword Search to find if NASA had posted any lookalike image related to the viral photo or any celestial events that might have caused this photo to be taken, on their official social media accounts or website. The total eclipse on April 8 was experienced by certain parts of North America that were located in the eclipse pathway. A part of the sky above Mazatlan, Mexico, was the first to witness it. Partial eclipse was also visible for those who were not in the path of totality.
Next, we ran the image through the AI Image detection tool by Hive moderation, which found it to be 99.2% AI-generated.
Following that, we applied another AI Image detection tool called Isitai, and it found the image to be 96.16% AI-generated.
With the help of AI detection tools, we came to the conclusion that the claims made by different social media users are fake and misleading. The viral image is AI-generated and not a real photograph.
Conclusion:
Hence, it is a generated image by AI that has been circulated on the internet as a real eclipse photo on April 8. In spite of some debatable claims to the contrary, the study showed that the photo was created using an artificial intelligence algorithm. The total eclipse was not visible everywhere in North America, but rather only in a certain part along the eclipse path, with partial visibility elsewhere. Through AI detection tools, we were able to establish a definite fact that the image is fake. It is very important, when you are talking about rare celestial phenomena, to use the information that is provided by the trusted sources like NASA for the accurate reason.
- Claim: A viral image of a solar eclipse claiming to be a real photograph of the celestial event on April 08
- Claimed on: X, Facebook, Instagram, website
- Fact Check: Fake & Misleading
Related Blogs
Executive Summary:
Internship scams have infiltrated the academic landscape, scamming students of many prestigious colleges. The students often prefer to carry out internships to gain knowledge and work experience. These scams use the name of popular multinational companies to exploit the students. This report studies the various case studies, their modus operandi, impact on the students and preventive strategies. This report emphasises the importance of awareness and proactive measures to protect students from falling victim to such frauds.
1. Introduction
Internships are the opportunity to overcome the gap between the practical knowledge acquired at the university and practical experience, to get practical skills and contacts in the field of activity, as well as improve employment prospects. Instead, because of high paying internships and interesting positions students have become targets of work scams. As we have seen with the advancement in digital technology, scammers take advantage of the disguise of the internet, making very neat, smart, and convincing scams.
Internship scams are very prevalent and they include fake job listings and phishing schemes as well as payment frauds which make students lose lots of money and also emotionally expose them. In this specific case, this paper examines how these scams work, the warning signs, and ways of protecting students from falling victim to them.
2. Detailed Modus Operandi of Internship Scams
Internship scams often employ a variety of tactics to attract and deceive unsuspecting students. Below is a detailed breakdown of the common methods used by scammers:
- Fake Job Listings and Offers:some text
- Scammers post attractive internship offers on popular job portals, social media platforms, and even send personalised messages via LinkedIn. These listings often mimic the branding and style of reputable companies, including well-designed logos, professional email addresses, and official-looking websites.
- Example: A fake internship offer from a reputed software firm circulates on a job portal, with a professional landing page. Students who apply are quickly “hired” without any interviews, and are asked to pay a security deposit to confirm their acceptance.
- Upfront Payment Requests:some text
- Scammers ask for payment such as registration fees, training materials, background checks, or security deposits. These payments comes under non-refundable payment and it act as the primary revenue stream for the fraudsters.
- Example: A group of students receive internship offers requiring a payment of INR 10,000 for "training materials" and "online assessments." After making the payment, the students never hear back from the company, and all attempts to contact them were futile.
- Phishing and Identity Theft:some text
- Beyond financial fraud, some scams aim to steal personal information. Fake internship applications often require detailed personal data, including identity proofs, bank account details. This data will be used as identity theft or sold on the dark web.
- Example: A student applies for an internship that asks for copies of identification documents and bank details. This information sharing led to unauthorised transactions in their bank account.
- Work-from-Home Frauds:some text
- With the rise of remote work, scammers also offer work-from-home internships that require students to purchase software or pay for specialised training. After payment, students are often given irrelevant tasks or no tasks at all, leaving them with no real work experience.
- Example: An internship advertised as a "remote data analysis role" required students to buy a proprietary software licence. After paying, students realised the software was freely available online, and the internship tasks were non-existent.
- Impersonation of Reputed Companies:some text
- Scammers use the name of well-known companies, they modify the email addresses or create fake websites that look original. They use these platforms to send offer letters, making it difficult for students to identify the scam.
- Example: A scammer creates a fake website mirroring a major consulting firm's internship page. The only difference is a minor change in the URL. Dozens of students are duped into paying registration fees.
3. Case Studies of Real-Life Incidents
- Case Study 1: The Certification Course and Internshipsome text
- A group of students received personalised emails from an official domain of a reputed tech industry providing an internship offer. Students were asked to pay Rs 10,000 to undergo a certification course to carry the internship. After paying the amount, the students did not receive any instructions, and the company was found to be nonexistent. The scammer had spoofed the company’s email domain, making it difficult to trace the source.
- Case Study 2: The Social Media Trapsome text
- A student from a university encountered an internship post on Instagram, advertising roles at a popular fashion brand. The application process involved a "screening fee" of INR 5,000. Despite appearing legitimate, the internship was fake, and the brand had no knowledge of the post. The student's personal data was also compromised, leading to unauthorised social media activity.
- Case Study 3: Internship Providing Social Platformssome text
- A popular internship providing platform, faced an incident where a scammer posted fraudulent internship offers under the guise of a major multinational. The scam involved asking students to purchase expensive software to start their work. The platform had to issue warnings and remove the listings after several complaints.
4. The Impact on Students
The consequences of internship scams extend beyond immediate financial loss, affecting students on multiple levels:
- Financial Impact:some text
- Students lose their money, ranging from minor fees to significant payments.
- Emotional and Psychological Distress:some text
- These kinds of scams can lead to anxiety, depression and loss of confidence in availing the opportunities in future.
- Exposure to Further Scams:some text
- Scammers often share details of their victims with other fraudsters, making students susceptible to repeated scams, including phishing attacks, financial frauds, and unsolicited offers.
5. Preventive Measures
- Verification of Internships:some text
- Always verify the authenticity of the internship by researching the company on official platforms such as LinkedIn, the company’s official website, and through trusted contacts or college placement cells.
- Avoid Upfront Payments:some text
- Employers do not ask for money in exchange for job or internship offers. If they demand for any kind of payment, then the employer is not original. Always question the necessity of such payments and consult trusted advisors before proceeding.
- Use Trusted Job Portals:some text
- Apply for internships through recognized platforms like LinkedIn, Internshala, or your college’s placement cell, which have verification processes to filter out fraudulent postings.
- Reporting Scams:some text
- Report suspicious offers to your college authorities, placement cells, and local cybercrime departments. Additionally, use platforms like Internshala’s “Report This Job” feature to flag fraudulent listings.
- Stay Educated and Updated:some text
- It is important to educate students by providing workshops, webinars, and awareness sessions on cybersecurity to stay informed and report about the latest scams.
6. Conclusion
Internship scams are a severe threat to the student society since they manipulate the student’s desire for an internship. The best ways to prevent such cons are by being cautious and receptive to whatever is being offered. Internship seekers, colleges and the placement cells have to work hand in hand to ensure that there is no fear among people seeking internships.
References
- Smith, J. (2024). Internship Scams on the Rise: How to Spot and Avoid Them. Retrieved from example1.com.
- Brown, A. (2023). Student Internship Scams in India: A Growing Concern. Retrieved from example2.com.
- Johnson, L. (2024). How to Protect Yourself from Fake Internship Offers. Retrieved from example3.com.
- Gupta, R. (2024). Social Media and the Rise of Job Scams. Retrieved from example4.com.
.webp)
In the tapestry of our modern digital ecosystem, a silent, pervasive conflict simmers beneath the surface, where the quest for cyber resilience seems Sisyphean at times. It is in this interconnected cyber dance that the obscure orchestrator, StripedFly, emerges as the maestro of stealth and disruption, spinning a complex, mostly unseen web of digital discord. StripedFly is not some abstract concept; it represents a continual battle against the invisible forces that threaten the sanctity of our digital domain.
This saga of StripedFly is not a tale of mere coincidence or fleeting concern. It is emblematic of a fundamental struggle that defines the era of interconnected technology—a struggle that is both unyielding and unforgiving in its scope. Over the past half-decade, StripedFly has slithered its way into over a million devices, creating a clandestine symphony of cybersecurity breaches, data theft, and unintentional complicity in its agenda. Let's delve deep into this grand odyssey to unravel the odious intricacies of StripedFly and assess the reverberations felt across our collective pursuit of cyber harmony.
The StripedFly malware represents the epitome of a digital chameleon, a master of cyber camouflage, masquerading as a mundane cryptocurrency miner while quietly plotting the grand symphony of digital bedlam. Its deceptive sophistication has effortlessly skirted around the conventional tripwires laid by our cybersecurity guardians for years. The Russian cybersecurity giant Kaspersky's encounter with StripedFly in 2017 brought this ghostly figure into the spotlight—hitherto, a phantom whistling past the digital graveyard of past threats.
How Does it work
Distinctive in its composition, StripedFly conceals within its modular framework the potential for vast infiltration—an exploitation toolkit designed to puncture the fortifications of both Linux and Windows systems. In an emboldened maneuver, it utilizes a customized version of the EternalBlue SMBv1 exploit—a technique notoriously linked to the enigmatic Equation Group. Through such nefarious channels, StripedFly not only deploys its malicious code but also tenaciously downloads binary files and executes PowerShell scripts with a sinister adeptness unbeknownst to its victims.
Despite its insidious nature, perhaps its most diabolical trait lies in its array of plugin-like functions. It's capable of exfiltrating sensitive information, erasing its tracks, and uninstalling itself with almost supernatural alacrity, leaving behind a vacuous space where once tangible evidence of its existence resided.
In the intricate chess game of cyber threats, StripedFly plays the long game, prioritizing persistence over temporary havoc. Its tactics are calculated—the meticulous disabling of SMBv1 on compromised hosts, the insidious utilization of pilfered keys to propagate itself across networks via SMB and SSH protocols, and the creation of task scheduler entries on Windows systems or employing various methods to assert its nefarious influence within Linux environments.
The Enigma around the Malware
This dualistic entity couples its espionage with monetary gain, downloading a Monero cryptocurrency miner and utilizing the shadowy veils of DNS over HTTPS (DoH) to camouflage its command and control pool servers. This intricate masquerade serves as a cunning, albeit elaborate, smokescreen, lulling security mechanisms into complacency and blind spots.
StripedFly goes above and beyond in its quest to minimize its digital footprint. Not only does it store its components as encrypted data on code repository platforms, deftly dispersed among the likes of Bitbucket, GitHub, and GitLab, but it also harbors a bespoke, efficient TOR client to communicate with its cloistered C2 server out of sight and reach in the labyrinthine depths of the TOR network.
One might speculate on the genesis of this advanced persistent threat—its nuanced approach to invasion, its parallels to EternalBlue, and the artistic flare that permeates its coding style suggest a sophisticated architect. Indeed, the suggestion of an APT actor at the helm of StripedFly invites a cascade of questions concerning the ultimate objectives of such a refined, enduring campaign.
How to deal with it
To those who stand guard in our ever-shifting cyber landscape, the narrative of StripedFly is a clarion call. StObjective reminders of the trench warfare we engage in to preserve the oasis of digital peace within a desert of relentless threats. The StripedFly chronicle stands as a persistent, looming testament to the necessity for heeding the sirens of vigilance and precaution in cyber practice.
Reaffirmation is essential in our quest to demystify the shadows cast by StripedFly, as it punctuates the critical mission to nurture a more impregnable digital habitat. Awareness and dedication propel us forward—the acquisition of knowledge regarding emerging threats, the diligent updating and patching of our systems, and the fortification of robust, multilayered defenses are keystones in our architecture of cyber defense. Together, in concert and collaboration, we stand a better chance of shielding our digital frontier from the dim recesses where threats like StripedFly lurk, patiently awaiting their moment to strike.
References:
https://thehackernews.com/2023/11/stripedfly-malware-operated-unnoticed.html?m=1
Introduction
The Telecom Regulatory Authority of India (TRAI) has directed all telcos to set up detection systems based on Artificial Intelligence and Machine Learning (AI/ML) technologies in order to identify and control spam calls and text messages from unregistered telemarketers (UTMs).
The TRAI Directed telcos
The telecom regulator, TRAI, has directed all Access Providers to detect Unsolicited commercial communication (UCC)by systems, which is based on Artificial Intelligence and Machine Learning to detect, identify, and act against senders of Commercial Communication who are not registered in accordance with the provisions of the Telecom Commercial Communication Customer Preference Regulations, 2018 (TCCCPR-2018). Unregistered Telemarketers (UTMs) are entities that do not register with Access Providers and use 10-digit mobile numbers to send commercial communications via SMS or calls.
TRAI steps to curb Unsolicited commercial communication
TRAI has taken several initiatives to reduce Unsolicited Commercial Communication (UCC), which is a major source of annoyance for the public. It has resulted in fewer complaints filed against Registered Telemarketers (RTMs). Despite the TSPs’ efforts, UCC from Unregistered Telemarketers (UTMs) continues. Sometimes, these UTMs use messages with bogus URLs and phone numbers to trick clients into revealing crucial information, leading to financial loss.
To detect, identify, and prosecute all Unregistered Telemarketers (UTMs), the TRAI has mandated that Access Service Providers implement the UCC.
Detect the System with the necessary functionalities within the TRAI’s Telecom Commercial Communication Customer Preference Regulations, 2018 framework.
Access service providers have implemented such detection systems based on their applicability and practicality. However, because UTMs are constantly creating new strategies for sending unwanted communications, the present UCC detection systems provided by Access Service providers cannot detect such UCC.
TRAI also Directs Telecom Providers to Set Up Digital Platform for Customer Consent to Curb Promotional Calls and Messages.
Unregistered Telemarketers (UTMs) sometimes use messages with fake URLs and phone numbers to trick customers into revealing essential information, resulting in financial loss.
TRAI has urged businesses like banks, insurance companies, financial institutions, and others to re-verify their SMS content templates with telcos within two weeks. It also directed telecom companies to stop misusing commercial messaging templates within the next 45 days.
The telecom regulator has also instructed operators to limit the number of variables in a content template to three. However, if any business intends to utilise more than three variables in a content template for communicating with their users, this should be permitted only after examining the example message, as well as adequate justifications and justification.
In order to ensure consistency in UCC Detect System implementations, TRAI has directed all Access Providers to deploy UCC and detect systems based on artificial intelligence and Machine Learning that are capable of constantly evolving to deal with new signatures, patterns, and techniques used by UTMs.
Access Providers have also been directed to use the DLT platform to share intelligence with others. Access Providers have also been asked to ensure that such UCC Detect System detects senders that send unsolicited commercial communications in bulk and do not comply with the requirements. All Access Providers are directed to follow the instructions and provide an update on actions done within thirty days.
The move by TRAI is to curb the menacing calls as due to this, the number of scam cases is increasing, and now a new trend of scams started as recently, a Twitter user reported receiving an automated call from +91 96681 9555 with the message “This call is from Delhi Police.” It then asked her to stay in the queue since some of her documents needed to be picked up. Then he said he works as a sub-inspector at the Kirti Nagar police station in New Delhi. He then inquired whether she had recently misplaced her Aadhaar card, PAN card, or ATM card, to which she replied ‘no’. The scammer then poses as a cop and requests that she authenticate the last four digits of her card because they have found a card with her name on it. And a lot of other people tweeted about it.
Conclusion
TRAI directed the telcos to check the calls and messages from Unregistered numbers. This step of TRAI will curb the pesky calls and messages and catch the Frauds who are not registered with the regulation. Sometimes the unregistered sender sends fraudulent links, and through these fraudulent calls and messages, the sender tries to take the personal information of the customers, which results in financial losses.
