Unleash the Twitter Bots! 

Bots Use Melania Trump’s Name in a Coordinated Marketing Campaign to Promote Fast Fashion on Chinese E-Commerce Website

Potential Malware in Disguise

Nisos identified a Twitter-based marketing campaign advertising Temu, a Chinese company-owned marketplace, that attempted to capitalize on a controversial political event in the United States using Twitter bots and US political figures’ names. We found at least seventy bots participating in the campaign on April 4th, 2023, following former President Donald Trump’s court appearance in New York. Although this operation appears small and unsophisticated, it has large implications. Earlier this week, CNN reported that Temu’s parent company Pinduoduo spread malware through its app to spy on its users to allegedly achieve a competitive advantage.

Timely Campaign

Despite former President Donald Trump’s appearance in court, he was not at the center of the narrative at one point. Activity and narratives on Twitter related to the former First Lady, Melania Trump, started trending on Twitter from the United States around 5pm Eastern Standard Time on April 4th, 2023. Though attention on Melania during the trial of Donald Trump would not have been unusual in light of the public’s interest in how she was reacting to the proceedings, the posts that appeared associated with the tag were certainly unexpected.

Several posts mentioning “Melania” and “Temu” appeared from various Twitter accounts created between February 2023 and March 2023. Temu is an online retailer that offers shopping money for referrals. Temu’s parent company is Shanghai-based PDD Holdings (Pinduoduo), a well-known e-commerce business entity. Just a few days ago, CNN reported that multiple cyber security experts “identified the presence of malware on the Pinduoduo app that exploited vulnerabilities in Android operating systems.” The article added that company insiders stated this malware was meant to “spy” on users and competitors and increase sales.

Financially motivated actors attempted to use former First Lady Melania Trump’s name and imagery to attract users from the United States to access an affiliated website (Temu), possibly download the app, and share it with friends and family for “free shopping cash.”

What did this operation look like?

Here are a few illustrative examples.

Example of Twitter posts from Temu marketing bots:

Suspicious Characteristics and Activities

This campaign lacked sophistication, and it was obviously this network of accounts engaged in coordinated, inauthentic behavior. For instance:

1. The posts were created within the same minute.
2. The accounts used in this operation were all created around the same timeframe (February through March 2023).
3. The accounts’ bios appeared to have been given little thought.
4. The accounts’ cover photos were basic and non-personalized.
5. The accounts’ profile pictures appeared stolen from other social media users and internet personalities.
6. The majority of their content appeared random outside of the Temu-related posts.

Timeline illustrating isolated increase in posts mentioning “Temu” and “Melania,” which occurred on April 4th, 2023 – the same day former President Donald Trump appeared in court.

Example of Temu marketing bots’ Twitter profiles.

Conclusions

E-commerce and ‘fast fashion’ businesses are extremely popular on a global scale, especially in the United States. Shoppers need to be cautious about app downloads and data they’re allowing companies to access. Shoppers should also keep in mind how that information can be used against them in the future. This case study not only illustrates the method in which social media users are targeted, but also possible risks associated with downloading potentially dangerous applications.

About Nisos®

Nisos is The Managed Intelligence Company®. Our services enable security, intelligence, and trust and safety teams to leverage a world-class intelligence capability tailored to their needs. We fuse robust data collection with a deep understanding of the adversarial mindset delivering smarter defense and more effective response against advanced cyber attacks, disinformation, and abuse of digital platforms.