#FactCheck-Old Maharashtra Video of Dancing Policemen Falsely Linked to West Bengal Election Results
Research Wing
Innovation and Research
PUBLISHED ON
May 6, 2026
10
Executive Summary
A video showing police personnel dancing on the streets along with civilians is going viral on social media. The clip is being shared with the claim that policemen in West Bengal were celebrating the defeat of Mamata Banerjee and the victory of the BJP.
Research by CyberPeace Research Wing found that the claim is misleading. The viral video is old and unrelated to the West Bengal elections.
Claim
An X user shared the video on April 26, 2026, alleging that police personnel were celebrating BJP’s victory. The post questioned those raising concerns over EVMs, suggesting that even police were openly rejoicing over the election outcome.
To verify the claim, we extracted keyframes from the viral video and conducted a reverse image search. This led us to a Reddit post dated September 13, 2022, where the same video was shared. The post described it as footage from Ganesh Visarjan celebrations in India, and several users in the comments identified the location as Maharashtra.
Further research led us to a YouTube channel “Yash Arate Vlogs,” which uploaded the same video on September 10, 2022. The description stated that the clip was recorded during Ganpati immersion celebrations in Kolhapur.
We also found media reports from September 2022 indicating that during Ganesh Visarjan in Kolhapur, loud music and festive atmosphere led even on-duty police personnel to briefly join the celebrations.
Our research confirms that the viral video does not show any post-election celebration in West Bengal. It is an old clip from Maharashtra, recorded during Ganesh Visarjan festivities, and is being falsely shared with a misleading political claim.
A video circulating on social media falsely claims that India’s Finance Minister, Smt. Nirmala Sitharaman, has endorsed an investment platform promising unusually high returns. Upon investigation, it was confirmed that the video is a deepfake—digitally manipulated using artificial intelligence. The Finance Minister has made no such endorsement through any official platform. This incident highlights a concerning trend of scammers using AI-generated videos to create misleading and seemingly legitimate advertisements to deceive the public.
Claim:
A viral video falsely claims that the Finance Minister of India Smt. Nirmala Sitharaman is endorsing an investment platform, promoting it as a secure and highly profitable scheme for Indian citizens. The video alleges that individuals can start with an investment of ₹22,000 and earn up to ₹25 lakh per month as guaranteed daily income.
Fact check:
By doing a reverse image search from the key frames of the viral fake video we found an original YouTube clip of the Finance Minister of India delivering a speech on the webinar regarding 'Regulatory, Investment and EODB reforms'. Upon further research we have not found anything related to the viral investment scheme in the whole video.
The manipulated video has had an AI-generated voice/audio and scripted text injected into it to make it appear as if she has approved an investment platform.
The key to deepfakes is that they seem relatively realistic in their facial movement; however, if you look closely, you can see that there are mismatched lip-syncing and visual transitions that are out of the ordinary, and the results prove our point.
Also, there doesn't appear to be any acknowledgment of any such endorsement from a legitimate governmentwebsite or a credible news outlet. This video is a fabricated piece of misinformation to attempt to scam the viewers by leveraging the image of a trusted public figure.
Conclusion:
The viral video showing the Finance Minister of India, Smt. Nirmala Sitharaman promoting an investment platform is fake and AI-generated. This is a clear case of deepfake misuse aimed at misleading the public and luring individuals into fraudulent schemes. Citizens are advised to exercise caution, verify any such claims through official government channels, and refrain from clicking on unknown investment links circulating on social media.
Claim: Nirmala Sitharaman promoted an investment app in a viral video.
A video circulating on social media allegedly shows Uttar Pradesh Chief Minister Yogi Adityanath criticizing Bollywood actor Shah Rukh Khan and asking people not to watch his films. Users sharing the clip claim that these statements are recent. CyberPeace’s research has found the claim to be misleading. research revealed that the video is from 2015, long before Yogi Adityanath became the Chief Minister of Uttar Pradesh. At that time, he was serving as a Member of Parliament from Gorakhpur.
Claim
On January 13, 2026, a Facebook user shared the video with the caption: "A clear message from the Hon’ble Chief Minister of Uttar Pradesh, Param Pujya Mahant Yogi Adityanath, urging people not to watch Shah Rukh Khan’s movie. Share this message widely, send it to all groups you are part of, and inform the youth in your family."
To verify the claim, keyframes from the viral video were extracted and reverse-searched using Google Lens. The same video was found in a Facebook post dated March 28, 2022, where it was shared with the caption: "Baba Ji’s message to not watch Shah Rukh Khan’s ‘Pathaan’ movie."
Further research traced the video to Aaj Tak’s website, which reported on November 4, 2015, that then-BJP MP Yogi Adityanath criticized Shah Rukh Khan, comparing his language to that of terrorist Hafiz Saeed, stating that there was no difference in their statements.
A Live Hindustan report from the same date confirmed that Yogi Adityanath had strongly reacted to Shah Rukh Khan’s comments on rising intolerance in India and Hafiz Saeed’s invitation for him to stay in Pakistan. The reports make it clear that Yogi Adityanath criticized Shah Rukh Khan in 2015 by highlighting the similarity between his statements and those of Hafiz Saeed. At the same time, Shah Rukh Khan had highlighted growing intolerance in the country, citing incidents where filmmakers, scientists, and authors were returning awards, describing it as a sign of “deep intolerance” in India.
Our research found that the statement attributed to Chief Minister Yogi Adityanath circulating on social media is not recent. The video dates back to 2015, a time when Yogi Adityanath was not yet the Chief Minister of Uttar Pradesh.
Devices and interconnectivity are the pipelines which drive the data into cyberspace, and in turn, the users consume this data to perform different tasks in the digital age. The security of devices and networks is essential as they are the first defenders of cyberspace. Bad actors often target systems and networks with malware and ransomware, these attacks are differently motivated, but all wreak havoc upon the system and can impact individuals and organisations alike. Mobile users worldwide prefer iOS or Android, but both operating systems are vulnerable to cyberattacks these days. Some of these attacks go undetected for a long time.
Op Triangulation
As reported by Kaspersky, While monitoring the network traffic of their own corporate Wi-Fi network dedicated to mobile devices using the Kaspersky Unified Monitoring and Analysis Platform (KUMA), Kaspersky noticed suspicious activity that originated from several iOS-based phones. Since it is impossible to inspect modern iOS devices from the inside, they created offline backups of the devices in question, inspected them using the Mobile Verification Toolkit’s mvt-ios and discovered traces of compromise. This is known as Operation Triangulation and has been in action since 2019 and got detected in 2023.
The Malware
A portion of the filesystem, including some of the user data and service databases, is included in mobile device backups. The files, directories, and database entries’ timestamps make it possible to reconstruct the events that happened to the device roughly. The “timeline.csv” file created by the mvt-ios software contains a sorted timeline of events that is comparable to the super-timeline utilised by traditional digital forensic tools. Pinpointing particular artefacts that show the compromise using this timeframe. This made it possible to advance the research and reassemble the broad infection sequence:
Through the iMessage service, a message with an attachment containing an exploit is delivered to the target iOS device.
The message initiates a vulnerability that results in code execution without any user input.
The exploit’s code downloads multiple additional stages, including additional exploits for privilege escalation, from the C&C server.
After successful exploitation, a fully functional APT platform is downloaded as the final payload from the C&C server.
The first message and the attachment’s exploit are removed
The lack of persistence support in the harmful toolset is most likely a result of OS restrictions. Multiple devices’ timeframes suggest that after rebooting, they might get infected again. The earliest signs of infection that we found date to 2019. The most recent version of the devices that have been successfully attacked as of the time of writing in June 2023 is iOS 15.7.
The final payload analysis is still ongoing. The programme executes with root rights, implements a set of commands for gathering user and system data, and can run any code downloaded as plugin modules from the C&C server.
Malicious Domains
Using the forensic artefacts, it was possible to identify the domain name set used by the exploits and further malicious stages. They can be used to check the DNS logs for historical information and to identify the devices currently running the malware:
addatamarket[.]net
backuprabbit[.]com
businessvideonews[.]com
cloudsponcer[.]com
datamarketplace[.]net
mobilegamerstats[.]com
snoweeanalytics[.]com
tagclick-cdn[.]com
topographyupdates[.]com
unlimitedteacup[.]com
virtuallaughing[.]com
web-trackers[.]com
growthtransport[.]com
anstv[.]netAns7tv[.]net
Safeguards for iOS users
Despite its world-class safety and privacy architecture, iOS is vulnerable to a few attacks; the following steps can be undertaken to safeguard iOS users –
Keeping Device updated
Security patches
Disabling iMessage would prevent Zero clicks exploits or the Triangulation attacks
Paying zero attention to unwanted, unsolicited messages
The user should make sure that any application they are downloading or installing; it should be from a trusted source ( This Zero click attack does not occur by any other means, It exploits / it targets software vulnerabilities in operating systems networks and applications)
Being cautious with the messaging app and emails
Implement device restrictions (management features like parental control and restrictions over using necessary applications)
Conclusion
Operation Triangulation is one of the recent operations combating cyber attacks, but such operations are launched nearly daily. This is also due to a rapid rise in internet and technology penetration across the world. Cyberattacks have taken a new face as they have evolved with the new and emerging technology. The influence of the Darknet has allowed many hackers to remain on the black hat side due to easy accessibility to illegal tools and material over the dark net, which facilitates such crimes.
Become a part of our vision to make the digital world safe for all!
Numerous avenues exist for individuals to unite with us and our collaborators in fostering global cyber security
Awareness
Stay Informed: Elevate Your Awareness with Our Latest Events and News Articles Promoting Cyber Peace and Security.
Your institution or organization can partner with us in any one of our initiatives or policy research activities and complement the region-specific resources and talent we need.