#FactCheck - Misleading Claims Spread With Old Ram Idol Vandalism Video

Executive Summary
‍

Amid the ongoing conflict involving the US-Israel and Iran in West Asia, a video showing destroyed aircraft at an airport is going viral on social media. The clip is being shared with the claim that it shows an Israeli military base destroyed in an Iranian attack. However, an research by the CyberPeacen found that the viral video is not real but AI-generated.

‍

Claim:

‍

An Instagram user “sakirali8064” shared the video on March 22, 2026, claiming that Iran had demonstrated its military strength by deploying advanced missiles capable of long-range precision strikes.The video also carries a “Breaking News” overlay stating:“Iran attack Israel military base… the entire base destroyed. 

‍

Post link and archive link:
‍

• https://www.instagram.com/sakirali8064/reel/DWLmrIzDk_9 
• https://perma.cc/AG9X-6JAE?type=standard 

‍

‍

Fact Check:
‍

To verify the claim, we extracted keyframes from the viral clip and conducted a reverse image search using Google Lens. We found a longer version of the same video posted on March 5, 2026, by a Facebook user named “With INC,” where it was also falsely linked to an Iranian attack on Israel’s Ben Gurion Airport.

• https://www.facebook.com/reel/1448753320368018 

‍

‍

Upon closely examining the video, we observed inconsistencies such as fire changing positions unnaturally, which raised suspicion of AI manipulation. We then analyzed the video using Hive Moderation, which indicated a probability of over 99% that the content is AI-generated.

‍

‍

Additionally, analysis using Tencent’s “Zhuque AI” detection tool suggested more than 78% likelihood of the video being AI-generated.
‍

‍

Conclusion:
‍

_‍The viral video claiming that an Iranian attack destroyed an Israeli military base is AI-generated and misleading. While Iran has claimed to have targeted Israel’s Ben Gurion International Airport using drones, the viral footage does not depict a real event.

‍

Introduction:

A new Android malware called NGate is capable of stealing money from payment cards through relaying the data read by the Near Field Communication (“NFС”) chip to the attacker’s device. NFC  is a device which allows  devices such as smartphones to communicate over a short distance wirelessly.  In particular, NGate allows forging the victims’ cards and, therefore, performing fraudulent purchases or withdrawing money from ATMs. . 

 About NGate Malware: 

The whole purpose of NGate malware is to target victims’ payment cards by relaying the NFC data to the attacker’s device. The malware is designed to take advantage of phishing tactics and functionality of the NFC on android based devices. 

Modus Operandi: 

• Phishing Campaigns: The first step is spoofed emails or SMS used to lure the users into installing the  Progressive Web Apps (“PWAs”) or the WebAPKs presented as genuine banking applications. These apps usually have a layout and logo that makes them look like an authentic app of a Targeted Bank which makes them believable. 

• Installation of NGate: When the victim downloads the specific app, he or she is required to input personal details including account numbers and PIN numbers. Users are also advised to turn on or install  NFC on their gadgets and place the payment cards to the back part of the phone to scan the cards. 

• NFCGate Component: One of the main working features of the NGate is the NFCGate, an application created and designed by some students of Technical University of Darmstadt. This tool allows the malware to:
  • • Collect NFC traffic from payment cards in the vicinity. 
    • Transmit, or relay this data to the attacker’s device through a server. 
    • Repeat data that has been previously intercepted or otherwise copied.

It is important to note that some aspects of NFCGate mandate a rooted device; however, forwarding NFC traffic can occur with devices that are not rooted, and therefore can potentially ensnare more victims. ‍

Technical Mechanism of Data Theft:

• Data Capture: The malware exploits the NFC communication feature on android devices and reads the information from the payment card, if the card is near the infected device. It is able to intercept and capture the sensive card details.  

• Data Relay: The stolen information  is transmitted through a server to the attacker’s device so that he/she is in a position to mimic the victim’s card. 

• Unauthorized Transactions: Attackers get access to spend money on the merchants or withdraw money from the ATM that has NFC enabled. This capability marks a new level of Android malware in that the hackers are able to directly steal money without having to get hold of the card. 

Social Engineering Tactics: 

In most cases, attackers use social engineering techniques to obtain more information from the target before implementing the attack. In the second phase, attackers may pretend to be representatives of a bank that there is a problem with the account and offer to download a program called NGate, which in fact is a Trojan under the guise of an application for confirming the security of the account. This method makes it possible for the attackers to get ITPIN code from the sides of the victim, which enables them to withdraw money from the targeted person’s account without authorization. 

 Technical Analysis:

The analysis of malicious file hashes and phishing links are below:

Malicious File Hashes:

csob_smart_klic.apk:

• MD5: 7225ED2CBA9CB6C038D8
• Classification: Android/Spy.NGate.B

csob_smart_klic.apk:

• MD5: 66DE1E0A2E9A421DD16B
• Classification: Android/Spy.NGate.C

george_klic.apk:

• MD5: DA84BC78FF2117DDBFDC
• Classification: Android/Spy.NGate.C

george_klic-0304.apk:

• MD5: E7AE59CD44204461EDBD
• Classification: Android/Spy.NGate.C

rb_klic.apk:

• MD5: 103D78A180EB973B9FFC
• Classification: Android/Spy.NGate.A

rb_klic.apk:

• MD5: 11BE9715BE9B41B1C852
• Classification: Android/Spy.NGate.C.

Phishing URLs:

Phishing URL: 

• https://client.nfcpay.workers[.]dev/?key=8e9a1c7b0d4e8f2c5d3f6b2

Additionally, several distinct phishing websites have been identified, including:

• rb.2f1c0b7d.tbc-app[.]life
• geo-4bfa49b2.tbc-app[.]life
• rb-62d3a.tbc-app[.]life
• csob-93ef49e7a.tbc-app[.]life
• george.tbc-app[.]life.

Analysis:

‍

‍

Broader Implications of NGate: 

The ultramodern features of NGate mean that its manifestation is not limited to financial swindling. An attacker can also generate a copy of NFC access cards and get  full access when hacking into restricted areas, for example, the corporate offices or restricted facility. Moreover, it is also safe to use the capacity to capture and analyze NFC traffic as threats to identity theft and other forms of cyber-criminality. 

Precautionary measures to be taken:

To protect against NGate and similar threats, users should consider the following strategies:

• Disable NFC: As mentioned above, NFC should be not often used, it is safe to turn NFC on Android devices off. This perhaps can be done from the general control of the device in which the bursting modes are being set. 

• Scrutinize App Permissions: Be careful concerning the permission that applies to the apps that are installed particularly the ones allowed to access the device. Hence, it is very important that applications should be downloaded only from genuine stores like Google Play Store only. 

• Use Security Software: The malware threat can be prevented by installing relevant security applications that are available in the market. 

• Stay Informed: As it has been highlighted, it is crucial for a person to know risks that are associated with the use of NFC while attempting to safeguard an individual’s identity. 

Conclusion: 

The presence of malware such as NGate is proof of the dynamism of threats in the context of mobile payments. Through the utilization of NFC function, NGate is a marked step up of Android malware implying that the attackers can directly manipulate the cash related data of the victims regardless of the physical aspect of the payment card. This underscores the need to be careful when downloading applications and to be keen on the permission one grants on the application. Turn NFC when not in use, use good security software and be aware of  the latest scams are some of the measures that help to fight this high level of financial fraud. The  attackers are now improving their methods. It is only right for the people and companies to take the right steps in avoiding the breach of privacy and identity theft.

Reference:

• https://www.welivesecurity.com/en/eset-research/ngate-android-malware-relays-nfc-traffic-to-steal-cash/
• https://therecord.media/android-malware-atm-stealing-czech-banks
• https://www.darkreading.com/mobile-security/nfc-traffic-stealer-targets-android-users-and-their-banking-info
• https://cybersecuritynews.com/new-ngate-android-malware/

‍

Executive Summary:

A viral video that has gone viral is purportedly of mass cheating during the UPSC Civil Services Exam conducted in Uttar Pradesh. This video claims to show students being filmed cheating by copying answers. But, when we  did a thorough research, it was noted that the incident happened during an LLB exam, not the UPSC Civil Services Exam. This is a representation of misleading content being shared to promote misinformation.

Claim: 

‍

Mass cheating took place during the UPSC Civil Services Exam in Uttar Pradesh, as shown in a viral video.

‍

‍

Fact Check:

Upon careful verification, it has been established that the viral video being circulated does not depict the UPSC Civil Services Examination, but rather an incident of mass cheating during an LLB examination. Reputable media outlets, including Zee News and India Today, have confirmed that the footage is from a law exam and is unrelated to the UPSC.

The video in question was reportedly live-streamed by one of the LLB students, held in February 2024  at City Law College in Lakshbar Bajha, located in the Safdarganj area of Barabanki, Uttar Pradesh.

The misleading attempt to associate this footage with the highly esteemed Civil Services Examination is not only factually incorrect but also unfairly casts doubt on a process that is known for its rigorous supervision and strict security protocols. It is crucial to verify the authenticity and context of such content before disseminating it, in order to uphold the integrity of our institutions and prevent unnecessary public concern.

‍

‍

Conclusion:

‍

The viral video purportedly showing mass cheating during the UPSC Civil Services Examination in Uttar Pradesh is misleading and not genuine. Upon verification, the footage has been found to be from an LLB examination, not related to the UPSC in any manner. Spreading such misinformation not only undermines the credibility of a trusted examination system but also creates unwarranted panic among aspirants and the public. It is imperative to verify the authenticity of such claims before sharing them on social media platforms. Responsible dissemination of information is crucial to maintaining trust and integrity in public institutions.

• Claim: A viral video shows UPSC candidates copying answers.
• Claimed On: Social Media
• Fact Check: False and Misleading