DoubleClick Abused in Malspam Campaign to Deliver DesckVB RAT

A new malspam campaign abuses Google's DoubleClick domain to evade detection and deliver the DesckVB RAT. Learn how this attack works and how to protect yourself.

Cybersecurity researchers have flagged a new malspam campaign that cleverly abuses Google's DoubleClick domain to slip past security tools and deliver a remote access trojan (RAT) called DesckVB RAT. Here’s the thing: before the victim ever reaches attacker-controlled infrastructure, the lure routes through DoubleClick, a legitimate Google-owned domain that many security tools are less likely to treat as suspicious. It’s a classic case of hiding in plain sight, using a trusted platform to bypass filters.

### How the Attack Works

The malspam emails look convincing, often impersonating reputable companies or urgent notifications. They contain links that first redirect to DoubleClick’s ad network, which then forwards the victim to a malicious site hosting the DesckVB RAT payload.

- The initial DoubleClick redirect makes the link appear safe to automated scanners.
- Once on the malicious site, the RAT is downloaded and executed without the user’s knowledge.
- DesckVB RAT then gives attackers full remote access to the infected machine.

This technique exploits the trust that security software places in well-known domains like DoubleClick. It’s a reminder that not all legitimate-looking URLs are safe.

### Why This Matters for Professionals

For anyone using antidetect browsers or managing online privacy, this campaign is a wake-up call. Traditional security measures often fail when attackers leverage trusted infrastructure. Here’s what you need to know:

- **Evasion is sophisticated**: Attackers are constantly finding new ways to bypass detection, and using Google’s own domain is a prime example.
- **Antidetect browser use**: If you rely on antidetect browsers for privacy or multi-account management, you must stay vigilant. Even a trusted redirect can lead to malware.
- **Best practices**: Always verify links in emails, even if they appear to come from known senders. Hover over URLs before clicking to see the actual destination.

### Protecting Yourself and Your Team

To defend against campaigns like this, consider these steps:

1. **Use advanced email filtering**: Look for solutions that analyze link redirects, not just the initial URL.
2. **Educate users**: Train your team to recognize malspam tactics, including the use of trusted domains.
3. **Deploy endpoint protection**: Ensure your antivirus and anti-malware tools can detect RATs even after they’re downloaded.
4. **Leverage antidetect browsers wisely**: While these tools help with privacy, they don’t replace robust security practices. Keep your system updated and avoid clicking suspicious links.

### The Bigger Picture

This campaign highlights a growing trend: attackers using legitimate services to distribute malware. From Google DoubleClick to other ad networks, the goal is to stay under the radar. For professionals in the antidetect browser space, understanding these threats is critical. Remember, the best antidetect browser won’t save you if you click a malicious link. Stay skeptical, stay informed, and always prioritize security over convenience.
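
The filtering step above (analyze link redirects, not just the initial URL), sketched as an added example that is not code from the researchers or from any product: it judges a link by the destination hosts it carries rather than by its trusted first hop. The redirector and allowlist entries, the function names, and the URL shapes it is meant to handle are assumptions made for illustration, not DoubleClick's documented link format.

```python
import re
from urllib.parse import urlsplit, unquote

# Assumptions for this example: redirector hosts a filter might trust on
# reputation, and destinations the organisation expects (placeholder).
TRUSTED_REDIRECTORS = ("doubleclick.net",)
ALLOWED_DESTINATIONS = ("example.com",)

# Lookahead so a URL nested inside another embedded URL is also reported.
_EMBEDDED = re.compile(r"(?=(https?://[^\s\"'<>&]+))", re.I)

def _host(url):
    try:
        return (urlsplit(url).hostname or "").lower().rstrip(".")
    except ValueError:  # malformed authority, e.g. a broken IPv6 literal
        return ""

def _in(host, suffixes):
    # Match the domain itself or a true subdomain, never a look-alike suffix.
    return any(host == s or host.endswith("." + s) for s in suffixes)

def embedded_hosts(url, max_decode=3):
    """Hosts of URLs carried in the path, query or fragment of `url`,
    peeling up to `max_decode` layers of percent-encoding."""
    p = urlsplit(url)
    text, hosts = f"{p.path}?{p.query}#{p.fragment}", []
    for _ in range(max_decode + 1):
        for inner in _EMBEDDED.findall(text):
            h = _host(inner)
            if h and h not in hosts:
                hosts.append(h)
        decoded = unquote(text)
        if decoded == text:
            break
        text = decoded
    return hosts

def classify_link(url):
    """Return (verdict, hosts) for one link taken from an email body."""
    if not _in(_host(url), TRUSTED_REDIRECTORS):
        return ("not-redirector", [])
    hosts = embedded_hosts(url)
    unknown = [h for h in hosts
               if not _in(h, ALLOWED_DESTINATIONS + TRUSTED_REDIRECTORS)]
    if unknown:
        return ("review", unknown)  # trusted first hop, unvetted destination
    # No visible destination: the hop is resolved server-side, so the link
    # has to be followed in a sandbox before it can be judged.
    return ("opaque", []) if not hosts else ("allowed", hosts)
```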