Email-Security on ZX Cloud Securityhttps://zxcloudsecurity.co.uk/tags/email-security/Recent content in Email-Security on ZX Cloud SecurityHugoen-GBWed, 03 Jun 2026 16:29:16 +0000Google DoubleClick Abused to Deliver DesckVB RAThttps://zxcloudsecurity.co.uk/posts/google-doubleclick-abused-malspam-deskvb-rat-delivery/Wed, 03 Jun 2026 16:29:16 +0000https://zxcloudsecurity.co.uk/posts/google-doubleclick-abused-malspam-deskvb-rat-delivery/A new malspam campaign exploits Google's trusted DoubleClick domain to bypass security tools and deliver the DesckVB remote access trojan to victims.🟠 High  |  Source: The Hacker News

Attackers are exploiting Google’s DoubleClick ad-serving domain as a redirect hop in malicious email campaigns, using its trusted reputation to bypass security filters before delivering the DesckVB remote access trojan. Because many email and web security tools whitelist or deprioritise scrutiny of well-known Google-owned domains, the technique significantly increases the likelihood of successful delivery. Once installed, a RAT gives attackers persistent remote control over the victim’s machine.

Architect’s Take: Review your email and web proxy security policies to ensure that redirects through trusted domains — including Google-owned properties like DoubleClick — are still subject to full URL chain inspection and sandbox detonation. Consider enforcing policies that follow and evaluate the final destination URL rather than trusting the initial domain at face value.

Original advisory: Google DoubleClick Abused in New Malspam Campaign to Deliver DesckVB RAT

]]>Google DoubleClick Abused to Deliver DesckVB RAThttps://zxcloudsecurity.co.uk/posts/google-doubleclick-abused-malspam-d%D0%B5%D1%81kvb-rat-delivery/Wed, 03 Jun 2026 16:29:16 +0000https://zxcloudsecurity.co.uk/posts/google-doubleclick-abused-malspam-d%D0%B5%D1%81kvb-rat-delivery/Attackers are exploiting Google's trusted DoubleClick domain to bypass email security filters and deliver the DesckVB remote access trojan via malspam.🟡 Medium  |  Source: The Hacker News

Attackers are exploiting Google’s DoubleClick ad-serving domain as a redirect layer in malicious spam emails, using its trusted reputation to bypass security filtering tools before routing victims to attacker-controlled infrastructure that delivers the DesckVB remote access trojan. Because DoubleClick is a widely trusted Google domain, many email and web security products will not flag the initial link as suspicious. This technique is a growing trend of abusing legitimate cloud services to obscure the early stages of an attack chain.

Architect’s Take: Review your email and web proxy security controls to ensure they inspect the full redirect chain rather than trusting links solely based on the root domain — allowlisting DoubleClick or similar Google domains without inspecting downstream redirects creates a blind spot. Consider enforcing URL rewriting and sandboxed link-following in your email security gateway, and ensure endpoint detection controls are tuned to flag RAT behaviour post-delivery.

Original advisory: Google DoubleClick Abused in New Malspam Campaign to Deliver DesckVB RAT

]]>