DesckVB RAT Campaign Exploits Google DoubleClick for Malspam Delivery

DesckVB RAT Campaign Exploits Google DoubleClick for Malspam Delivery

First seen 3 Jun 2026, 22:11 UTC HuntressFeeds.4SysopsScworldGbhackersCybersecuritynews+1 83% similarity 67.5

Article Content

Browse articles
ThreatCluster

In May 2026, a malspam campaign utilizing the Google DoubleClick domain was identified, delivering the DesckVB remote access trojan (RAT). The attack begins with an HTML email attachment that redirects users through Google's infrastructure to a dynamically branded phishing page. This automated kit personalizes the lure by pulling in company logos and location details based on the recipient's email address, enhancing its believability. Once a victim interacts with the lure, the DesckVB RAT executes a multi-stage malware delivery process, primarily operating in memory to evade detection. The RAT can control infected systems remotely, allowing attackers to harvest data and execute commands. This campaign highlights the increasing sophistication of malspam operations, which are becoming more scalable and harder to detect. Security professionals are urged to remain vigilant against such evolving threats.

Key Points: • DesckVB RAT is delivered via malspam leveraging Google DoubleClick for evasion. • The attack uses automated phishing techniques to personalize lures for victims. • Once executed, the RAT operates primarily in memory, reducing detection risks.

ThreatCluster AI

Timeline

2026-05-01
DesckVB RAT malspam campaign launched
A new malspam campaign began, utilizing Google DoubleClick to deliver the DesckVB RAT through personalized phishing emails.
Huntress
2026-06-03
Huntress SOC responds to DesckVB RAT infection
The Huntress SOC reported an incident involving the DesckVB RAT, highlighting its sophisticated delivery and operation methods.
Huntress
2026-06-03
Google DoubleClick abuse reported
Reports confirmed that the Google DoubleClick domain was exploited to bypass security filters in the malspam campaign.
Feeds.4Sysops

Community

Browse all →