Feeds.4Sysops
DesckVB RAT Campaign Exploits Google DoubleClick for Malspam Delivery
Ask AI about this cluster
Analyzing cluster data...
Referenced clusters:
Something went wrong. Please try again.
Cluster AI
Ask questions about this threat cluster with AI-powered analysis.
Get Researcher $29.99/moArticle Content
In May 2026, a malspam campaign utilizing the Google DoubleClick domain was identified, delivering the DesckVB remote access trojan (RAT). The attack begins with an HTML email attachment that redirects users through Google's infrastructure to a dynamically branded phishing page. This automated kit personalizes the lure by pulling in company logos and location details based on the recipient's email address, enhancing its believability. Once a victim interacts with the lure, the DesckVB RAT executes a multi-stage malware delivery process, primarily operating in memory to evade detection. The RAT can control infected systems remotely, allowing attackers to harvest data and execute commands. This campaign highlights the increasing sophistication of malspam operations, which are becoming more scalable and harder to detect. Security professionals are urged to remain vigilant against such evolving threats.
Key Points: • DesckVB RAT is delivered via malspam leveraging Google DoubleClick for evasion. • The attack uses automated phishing techniques to personalize lures for victims. • Once executed, the RAT operates primarily in memory, reducing detection risks.