Researchers uncovered a malspam campaign that abuses Google's DoubleClick domain to hide its redirect chain and deliver DesckVB RAT through a phishing email attachment. The attack uses dynamic victim personalization, multiple loaders, and defense evasion techniques to gain persistence, disable security tools, and take control of infected systems. #DoubleClick #DesckVBRAT
Keypoints
- The campaign starts with an HTML attachment in a phishing email.
- Attackers use Google DoubleClick to route victims through trusted infrastructure.
- The lure dynamically personalizes pages using the victim's email address.
- The infection chain deploys loaders, PowerShell, and process hollowing to install DesckVB RAT.
- The malware evades detection by patching AMSI and ETW, disabling defenses, and maintaining persistence.
Read More: https://thehackernews.com/2026/06/google-doubleclick-abused-in-new.html