#FactCheck -2018 Baba Ramdev Video on Cheap Petrol Resurfaces Amid Fuel Price Hike, Shared Out of Context

Research Wing
Research Wing
Innovation and Research
PUBLISHED ON
May 28, 2026
10

Executive Summary

Amid rising petrol and diesel prices in India, an old video statement by Baba Ramdev is being widely shared on social media. In the viral clip, Ramdev can be heard saying that if the government permits him to open petrol pumps, he can provide petrol and diesel across the country at Rs 35-40 per litre. He is also heard suggesting that petrol and diesel should be brought under the lowest GST slab. However, CyberPeace Research Wing  research found the viral claim to be misleading. The research revealed that Baba Ramdev made the statement during a private news channel event in 2018 and has not made any such recent remark.

Claim

A Facebook user named “Aman Singh Bathla” shared the old video of Baba Ramdev on May 26, 2026, and wrote:

“I can provide petrol and diesel to the entire country at Rs 35-40 if the Modi government allows me to open petrol pumps!”

Fact Check

To verify the claim, we closely examined the viral video and noticed the logo of NDTV in the clip. Based on this clue, we searched NDTV’s official YouTube channel using relevant keywords and found the original video uploaded on September 16, 2018. In the full video, Baba Ramdev is seen making the viral statement during the NDTV Youth Conclave. During the discussion, the anchor had asked him a question regarding rising fuel prices, and Ramdev responded with the now-viral remarks in that context.

During further searches, we also found reports about the same statement on the website of Oneindia dated September 17, 2018. The report quoted Ramdev as saying that if the government allowed him to set up petrol pumps and offered some tax relief, he could provide fuel at Rs 35-40 per litre. He also suggested bringing petroleum products under GST, preferably in the 5 to 12 percent slab, to provide relief to consumers.

Our research confirmed that Baba Ramdev’s viral statement dates back to 2018 and has no connection with the recent rise in fuel prices.

Conclusion

The viral post was found to be misleading. Baba Ramdev made the statement in September 2018 during a private news channel event. His old remarks are now being circulated out of context to create confusion over the current fuel price situation.

PUBLISHED ON
May 28, 2026
Category
#FactCheck
TAGS
#
#FactCheck

Related Blogs

#FactCheck-Air Taxi is a prototype and is not launched to commercial public
#FactCheck-Air Taxi is a prototype and is not launched to commercial public
10
February 16, 2025

Executive Summary:

Recent reports circulating on various social media platforms have falsely claimed that an air taxi prototype is operational and providing services between Amritsar, Chandigarh, Delhi, and Jaipur. These claims, accompanied by images and videos, have been widely shared, leading to significant public attention. However, upon conducting a thorough examination using reverse image search, it has been determined that the information is misleading and inaccurate. These assertions do not reflect the current reality and are not substantiated by credible sources

Claim:

The claim suggests that an air taxi prototype is already operational, servicing routes between Amritsar, Chandigarh, Delhi, and Jaipur. This assertion is accompanied by images of a futuristic aircraft, implying that such technology is currently being used to transport commercial passengers.

Post Link

Fact Check:

The claim of air taxi and routes between Amritsar, Chandigarh, Delhi, and Jaipur has been found to be misleading.  Also, so far, neither the Indian government nor the respective aviation authorities have issued any sort of public declarations nor industry insiders to claim any launch of any air taxi  service. Further research followed a keyword-based search that directed us to a news report published in The Times of India on January 20, 2025. A similar post to the one seen in the viral video accompanied the report. It stated that Bengaluru-based aerospace startup Sarla Aviation launched its prototype air taxi called “Shunya” during the Bharat Mobility Global Expo. Under this plan, it looks to initiate electric flying taxis in Bangalore by 2028. This urban air transport program for India will be similar to what they are posting in this regard.

Conclusion:

The viral claim saying that there is an air taxi service in India between Amritsar, Chandigarh, Delhi, and Jaipur is entirely false. The pictures and information going viral are misleading and do not relate to any progress or implementation of air taxi technology in India. To date, there is no official confirmation or credible evidence that supports such a service. Information must be verified from reliable sources before it is believed or shared in order to prevent the spread of misinformation.

  • Claim: A viral post claims an air taxi is operational between Amritsar, Chandigarh, Delhi, and Jaipur.
  • Claimed On: Social Media 
  • Fact Check: False and Misleading
#FactCheck - AI Artwork Misattributed: Mahendra Singh Dhoni Sand Sculptures Exposed as AI-Generated
#FactCheck - AI Artwork Misattributed: Mahendra Singh Dhoni Sand Sculptures Exposed as AI-Generated
10
April 26, 2024

Executive Summary:

A recent claim going around on social media that a child created sand sculptures of cricket legend Mahendra Singh Dhoni, has been proven false by the CyberPeace Research Team. The team discovered that the images were actually produced using an AI tool. Evident from the unusual details like extra fingers and unnatural characteristics in the sculptures, the Research Team discerned the likelihood of artificial creation. This suspicion was further substantiated by AI detection tools. This incident underscores the need to fact-check information before posting, as misinformation can quickly go viral on social media. It is advised everyone to carefully assess content to stop the spread of false information.

Claims:

The claim is that the photographs published on social media show sand sculptures of cricketer Mahendra Singh Dhoni made by a child.

Post link
      Post link
Post link
Post link

Fact Check:

Upon receiving the posts, we carefully examined the images. The collage of 4 pictures has many anomalies which are the clear sign of AI generated images.

In the first image the left  hand of the sand sculpture has 6 fingers and in the word INDIA, ‘A’ is not properly aligned i.e not in the same line as other letters. In the second image, the finger of the boy is missing and the sand sculpture has 4 fingers in its front foot and has 3 legs. In the third image the slipper of the boy is not visible whereas some part of the slipper is visible, and in the fourth image the hand of the boy is not looking like a hand. These are some of the major discrepancies clearly visible in the images.

We then checked using an AI Image detection tool named ‘Hive’ image detection, Hive detected the image as 100.0% AI generated.

We then checked it in another AI image detection named ContentAtScale AI image detection, and it found to be 98% AI generated.

From this we concluded that the Image is AI generated and has no connection with the claim made in the viral social media posts. We have also previously debunked AI Generated artwork of sand sculpture of Indian Cricketer Virat Kohli which had the same types of anomalies as those seen in this case.

Conclusion:

Taking into consideration the distortions spotted in the images and the result of AI detection tools, it can be concluded that the claim of the pictures representing the child's sand sculptures of cricketer Mahendra Singh Dhoni is false. The pictures are created with Artificial Intelligence. It is important to check and authenticate the content before posting it to social media websites.

  • Claim: The frame of pictures shared on social media contains child's sand sculptures of cricket player Mahendra Singh Dhoni.
  • Claimed on: X (formerly known as Twitter), Instagram, Facebook, YouTube
  • Fact Check: Fake & Misleading
DISGOMOJI: The Emoji-Driven Linux Malware
DISGOMOJI: The Emoji-Driven Linux Malware
10
June 29, 2024

Executive Summary:

New Linux malware has been discovered by a cybersecurity firm Volexity, and this new strain of malware is being referred to as DISGOMOJI. A Pakistan-based threat actor alias ‘UTA0137’ has been identified as having espionage aims, with its primary focus on Indian government entities.  Like other common forms of backdoors and botnets involved in different types of cyberattacks, DISGOMOJI, the malware  allows the use of commands to capture screenshots, search for files to steal, spread additional payloads, and transfer files. DISGOMOJI  uses Discord (messaging service)  for Command & Control (C2)  and uses emojis  for C2 communication. This malware targets Linux operating systems.

The DISCOMOJI Malware:  

  • The DISGOMOJI malware opens a specific channel in a Discord server and every new channel corresponds to a new victim. This means that the attacker can communicate with the victim one at a time.
  • This particular malware connects with the attacker-controlled Discord server using Emoji, a form of relay protocol. The attacker provides unique emojis as instructions, and the malware uses emojis as a feedback to the subsequent command status.
  • For instance, the ‘camera with flash’ emoji is used to screenshots the device of the victim or to steal, the ‘fox’ emoji cracks all Firefox profiles, and the ‘skull’ emoji kills the malware process.
  • This C2 communication is done using emojis to ensure messaging between infected contacts, and it is almost impossible for Discord to shut down the malware as it can always change the account details of Discord it is using once the maliciou server is blocked.
  • The malware also has capabilities aside from the emoji-based C2 such as network probing, tunneling, and data theft that are needed to help the UTA0137 threat actor in achieving its espionage goals.

Specific emojis used for different commands by UTA0137:

  • Camera with Flash (📸): Captures a picture of the target device’s screen as per the victim’s directions.
  • Backhand Index Pointing Down (👇): Extracts files from the targeted device and sends them to the command channel in the form of attachments.
  • Backhand Index Pointing Right (👉): This process involves sending a file found on the victim’s device to another web-hosted file storage service known as Oshi or oshi[. ]at.
  • Backhand Index Pointing Left (👈): Sends a file from the victim’s device to transfer[. ]sh, which is an online service for sharing files on the Internet.
  • Fire (🔥): Finds and transmits all files with certain extensions that exist on the victim’s device, such as *. txt, *. doc, *. xls, *. pdf, *. ppt, *. rtf, *. log, *. cfg, *. dat, *. db, *. mdb, *. odb, *. sql, *. json, *. xml, *. php, *. asp, *. pl, *. sh, *. py, *. ino, *. cpp, *. java,
  • Fox (🦊): This works by compressing all Firefox related profiles in the affected device. 
  • Skull (💀): Kills the malware process in windows using ‘os. Exit()’
  • Man Running (🏃‍♂️):  Execute a command on a victim’s device. This command receives an argument, which is the command to execute.
  • Index Pointing up (👆) : Upload a file to the victim's device. The file to upload is attached along with this emoji

Analysis:   

The analysis was carried out for one of the indicator of compromised SHA-256 hash file-  C981aa1f05adf030bacffc0e279cf9dc93cef877f7bce33ee27e9296363cf002.

It is found that most of the vendors have marked the file as trojan in virustotal and the graph explains the malicious nature of the contacted domains and IPs.

Graphical representation of the above analysis

Discord & C2 Communication  for UTA0137:

  • Stealthiness: Discord is a well-known messaging platform used for different purposes, which means that sending any messages or files on the server should not attract suspicion. Such stealthiness makes it possible for UTA0137 to remain dormant for greater periods before launching an attack.
  • Customization: UTA0137 connected to Discord is able to create specific channels for distinct victims on the server. Such a framework allows the attackers to communicate with each of the victims individually to make a process more accurate and efficient.
  • Emoji-based protocol: For C2 communication, emojis really complicates the attempt that Discord might make to interfere with the operations of the malware. In case the malicious server gets banned, malware could easily be recovered, especially by using the Discord credentials from the C2 server.
  • Persistence: The malware, as stated above, has the ability to perpetually exist to hack the system and withstand rebooting of systems so that the virus can continue to operate without being detected by the owner of the hacked system.
  • Advanced capabilities: Other features of DISGOMOJI are the Network Map using Nmap scanner, network tunneling through Chisel and Ligolo and Data Exfiltration by File Sharing services. These capabilities thus help in aiding the espionage goals of UTA0137.
  • Social engineering: The virus and the trojan can show the pop-up windows and prompt messages, for example the fake update for firefox and similar applications, where the user can be tricked into inputting the password.
  • Dynamic credential fetching: The malware does not write the hardcoded values of the credentials in order to connect it to the discord server. This also inconveniences analysts as they are unable to easily locate the position of the C2 server.
  • Bogus informational and error messages: They never show any real information or errors because they do not want one to decipher the malicious behavior easily.

Recommendations to mitigate the risk of UTA0137:

  • Regularly Update Software and Firmware: It is essential to regularly update all the application software and firmware of different devices, particularly, routers, to prevent hackers from exploiting the discovered and disclosed flaws. This includes fixing bugs such as CVE-2024-3080 and CVE-2024-3912 on ASUS routers, which basically entails solving a set of problems.
  • Implement Multi-Factor Authentication: There are statistics that show how often user accounts are attacked, it is important to incorporate multi-factor authentication to further secure the accounts.
  • Deploy Advanced Malware Protection: Provide robust guard that will help the user recognize and prevent the execution of the DISGOMOJI malware and similar threats.
  • Enhance Network Segmentation: Utilize stringent network isolation mechanisms that seek to compartmentalize the key systems and data from the rest of the network in order to minimize the attack exposure.
  • Monitor Network Activity: Scanning Network hour to hour for identifying and handling the security breach and the tools such as Nmap, Chisel, Ligolo etc can be used.
  • Utilize Threat Intelligence: To leverage advanced threats intelligence which will help you acquire knowledge on previous threats and vulnerabilities and take informed actions.
  • Secure Communication Channels: Mitigate the problem of the leakage of developers’ credentials and ways of engaging with the discord through loss of contact to prevent abusing attacks or gaining control over Discord as an attack vector.
  • Enforce Access Control: Regularly review and update the user authentication processes by adopting stricter access control measures that will allow only the right personnel to access the right systems and information.
  • Conduct Regular Security Audits: It is important to engage in security audits periodically in an effort to check some of the weaknesses present within the network or systems.
  • Implement Incident Response Plan: Conduct a risk assessment, based on that design and establish an efficient incident response kit that helps in the early identification, isolation, and management of security breaches.
  • Educate Users: Educate users on cybersecurity hygiene, opportunities to strengthen affinity with the University, and conduct retraining on threats like phishing and social engineering.

Conclusion:

The new threat actor named UTA0137 from Pakistan who was utilizing DISGOMOJI malware to attack Indian government institutions using embedded emojis with a command line through the Discord app was discovered by Volexity. It has the capability to exfiltrate and aims to steal the data of government entities. The UTA0137 was continuously improved over time to permanently communicate with victims. It underlines the necessity of having strong protection from viruses and hacker attacks, using secure passwords and unique codes every time, updating the software more often and having high-level anti-malware tools. Organizations can minimize advanced threats, the likes of DISGOMOJI and protect sensitive data by improving network segmentation, continuous monitoring of activities, and users’ awareness.

References:

https://otx.alienvault.com/pulse/66712446e23b1d14e4f293eb

https://thehackernews.com/2024/06/pakistani-hackers-use-disgomoji-malware.html?m=1

https://cybernews.com/news/hackers-using-emojis-to-command-malware/

https://www.blackhatethicalhacking.com/news/disgomoji-new-linux-malware-uses-emojis-for-command-execution/

https://www.volexity.com/blog/2024/06/13/disgomoji-malware-used-to-target-indian-government/

Become a part of our vision to make the digital world safe for all!

Numerous avenues exist for individuals to unite with us and our collaborators in fostering  global cyber security

Awareness

Stay Informed: Elevate Your Awareness with Our Latest Events and News Articles Promoting Cyber Peace and Security.

CyberPeace Corps Induction Workshop
The Missing Link Trust to combat online child trafficking
Cyber Safety Carnival
Safer Internet Day 2023
Indian schools and colleges under digital siege: Massive cyber breach crisis exposed
Over 2 lack cyberattacks, 4 lakh data breaches hit Indian educational institutions in 9 months
Lessons in Cybersecurity Required: 2 Lakh Cyberattacks Shake Indian Education Sector in Just Nine Months
2 lakh cyberattacks, 4 lakh data breaches in Indian educational sector in 9 months

Engagement

Your institution or organization can partner with us in any one of our initiatives or policy research activities and complement the region-specific resources and talent we need.

Discover ways to collaborate
Request for Proposals

Play your part for CyberPeace

Donate to us directly to help us build more pioneering initiatives.

Donate Now