Google DoubleClick Abused in New Malspam Campaign to Deliver DesckVB RAT
Summary
A new malspam campaign is distributing the DesckVB RAT by leveraging Google's DoubleClick domain. This tactic aims to evade security detection by routing malicious lures through a legitimate, trusted Google service before reaching attacker-controlled infrastructure.
IFF Assessment
FOE
This campaign utilizes a sophisticated evasion technique, making it harder for defenders to detect and block malicious activity.
Defender Context
Defenders need to be aware of campaigns that abuse trusted domains like Google's DoubleClick for malicious purposes. This requires enhanced scrutiny of traffic routed through seemingly legitimate services and robust endpoint detection capabilities to identify the DesckVB RAT.
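One way to apply that scrutiny at a mail gateway, as an added example that is not part of the original report: instead of trusting the Google hostname, extract the destination nested inside each DoubleClick link and evaluate that. It assumes the destination travels as a URL inside a query parameter; the allowlist, function names and sample message are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.I)
TRUSTED_REDIRECTOR = "doubleclick.net"      # domain named in the report
ALLOWED_DESTINATIONS = {"example.com"}      # assumption: site-specific allowlist

def host_in(host, domain):
    """True if host is the domain itself or a subdomain of it."""
    host = (host or "").lower().rstrip(".")
    return host == domain or host.endswith("." + domain)

def embedded_destinations(url, max_depth=3):
    """Hosts of absolute URLs nested in query values, following chained redirects."""
    hosts, pending = [], [(url, 0)]
    while pending:
        current, depth = pending.pop()
        for _, value in parse_qsl(urlsplit(current).query, keep_blank_values=True):
            for _ in range(max_depth):      # undo repeated percent-encoding
                decoded = unquote(value)
                if decoded == value:
                    break
                value = decoded
            for inner in URL_RE.findall(value):
                host = urlsplit(inner).hostname
                if host:
                    hosts.append(host.lower())
                    if depth + 1 < max_depth:
                        pending.append((inner, depth + 1))
    return hosts

def flag_redirector_links(text):
    """Return (link, destination_host) for DoubleClick links leading off-allowlist."""
    allowed = ALLOWED_DESTINATIONS | {TRUSTED_REDIRECTOR}
    findings = []
    for url in URL_RE.findall(text):
        if not host_in(urlsplit(url).hostname, TRUSTED_REDIRECTOR):
            continue
        for host in embedded_destinations(url):
            if not any(host_in(host, d) for d in allowed):
                findings.append((url, host))
    return findings

# Constructed message body; the parameter name "dest" and all hosts are made up.
SAMPLE_BODY = (
    "Invoice: https://ad.doubleclick.net/click?id=1&dest=https%3A%2F%2Ffiles.attacker.test%2Finv.zip\n"
    "Promo: https://ad.doubleclick.net/click?dest=https://shop.example.com/sale\n"
    "Help: https://example.com/help\n"
)

if __name__ == "__main__":
    for link, dest in flag_redirector_links(SAMPLE_BODY):
        print(f"review: {dest} reached via {link}")
```

Findings from a check like this are a triage signal for the final destination; they complement endpoint detection of the RAT rather than replace it.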