Google removes 3,000 China-linked fake YouTube channels

As the US presidential election inches closer, Google said it has terminated more than 3,000 fake YouTube channels in the July-September period, which were part of a large spam network linked to China that attempted to run an influence operation on YouTube.

As a result, this large China-operated network hasn’t been able to build an audience.

“Most of the videos we identify have fewer than 10 views, and most of these views appear to come from related spam accounts rather than actual users,” Google said in a statement late on Friday.

“While this network posted frequently, the majority of this content was spam. We haven’t seen it effectively reach an actual audience on YouTube,” said Shane Huntley of Google’s Threat Analysis Group (TAG).

This YouTube network has a presence across multiple platforms, and acts by primarily acquiring or hijacking existing accounts and posting spammy content in Mandarin such as videos of animals, music, food, plants, sports, and games.

“A small fraction of these spam channels will then post videos about current events. Such videos frequently feature clumsy translations and computer-generated voices,” Huntley said.

Researchers at Graphika and FireEye have detailed how this network behaves — including its shift from posting content in Mandarin about issues related to Hong Kong and China’s response to Covid-19, to including a small subset of content in English and Mandarin about current events in the US (such as protests around racial justice, the wildfires on the West Coast, and the US response to Covid-19).

In June, Google saw phishing attempts against the personal email accounts of staffers on the Joe Biden and Donald Trump campaigns by Chinese and Iranian APTs (Advanced Persistent Threats), respectively.

The Iranian attacker group (APT35) and the Chinese attacker group (APT31) targeted campaign staffers’ personal emails with credential phishing emails and emails containing tracking links.

“As part of our wider tracking of APT31 activity, we’ve also seen them deploy targeted malware campaigns,” Google said.

“Overall, we’ve seen increased attention on the threats posed by APTs in the context of the US election,” the tech giant added.

In September, Google also saw multiple North Korean groups shifting their targeting towards Covid-19 researchers and pharmaceutical companies, including those based in South Korea.

One campaign used URL shorteners and impersonated the target’s webmail portal in an attempt to harvest email credentials.

In a separate campaign, attackers posed as recruiting professionals to lure targets into downloading malware, Google said.