What Happened
Cybersecurity researchers have flagged a new malspam campaign that makes use of Google's DoubleClick domain as a way to evade detection and ultimately deliver a remote access trojan (RAT) named DesckVB RAT. "Before the victim ever reaches attacker-controlled infrastructure, the lure routes through DoubleClick, a legitimate Google-owned domain that many security tools are less likely to treat as
Why It Matters
The article describes a malspam campaign that abuses Google's DoubleClick advertising domain to evade security controls and deliver the DesckVB remote access trojan (RAT). The core technique is traffic laundering through a highly trusted, legitimate domain before handing off to attacker-controlled infrastructure, enabling stealthier initial access. While the report itself does not focus on AI, CyberSE.AI analysis notes that similar trusted-redirect and traffic-laundering patterns can be repurposed to deliver malicious AI tools, poisoned AI components, or instructions targeting AI agents. Organizations should red team their email, web, and agent-facing workflows for abuse of trusted third-party domains as covert delivery channels for malicious automation or AI-integrated malware.
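One way to check mail bodies for the trusted-redirect pattern described above, as an added example that is not from the original report: it flags links on a trusted redirector host whose query string carries a URL to a host outside an allowlist. The redirector list, the allowlist, the `/clk` path, the `dest` parameter and the sample hosts are constructed assumptions, not DoubleClick's actual URL format.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Assumptions (not from the report): redirector hosts to inspect and the
# destinations this organization expects to see behind them.
TRUSTED_REDIRECTORS = {"doubleclick.net"}
ALLOWED_DESTINATIONS = {"example.com"}
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.I)

# Constructed sample mail body; path and parameter names are made up.
SAMPLE_BODY = """\
Invoice: https://ad.doubleclick.net/clk?id=1&dest=https%3A%2F%2Fpayload.invalid%2Fdoc
News: https://ad.doubleclick.net/clk?id=2&dest=https%253A%252F%252Fwww.example.com%252Fnews
Update: https://ad.doubleclick.net/clk?id=3&dest=https%253A%252F%252Fstage.invalid%252Fx
Direct: https://www.example.com/home
"""

def _host(url):
    try:
        return (urlsplit(url).hostname or "").lower().rstrip(".")
    except ValueError:  # malformed netloc, e.g. unbalanced IPv6 brackets
        return ""

def _under(host, domains):
    return any(host == d or host.endswith("." + d) for d in domains)

def embedded_destinations(url, max_depth=3):
    """Hosts of URLs carried in the query or fragment, peeling nested percent-encoding."""
    parts = urlsplit(url)
    values = [v for _, v in parse_qsl(parts.query)] + [parts.fragment]
    found = []
    for value in values:
        for _ in range(max_depth):
            for inner in URL_RE.findall(value):
                if _host(inner) and _host(inner) not in found:
                    found.append(_host(inner))
            decoded = unquote(value)
            if decoded == value:
                break
            value = decoded
    return found

def flag_laundered_links(body):
    """(link, destination host) pairs where a trusted redirector points off the allowlist."""
    alerts = []
    for link in URL_RE.findall(body):
        if _under(_host(link), TRUSTED_REDIRECTORS):
            alerts += [(link, d) for d in embedded_destinations(link)
                       if not _under(d, TRUSTED_REDIRECTORS | ALLOWED_DESTINATIONS)]
    return alerts

if __name__ == "__main__":
    for link, dest in flag_laundered_links(SAMPLE_BODY):
        print(f"ALERT trusted redirector -> {dest}: {link}")
```

A redirector that resolves its destination server-side from an opaque ID carries no embedded URL, so this static check complements following the redirect in an isolated URL-analysis service.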
CyberSE Analysis
This signal maps to malicious AI use. Organizations using AI agents, LLM APIs, SaaS integrations, or sensitive data workflows should review whether this class of issue could create unauthorized tool execution, data leakage, weak approval gates, or unmanaged supply-chain exposure.
Recommended Actions
- Restrict AI agent tool permissions and production write paths.
- Review sensitive data access across prompts, logs, embeddings, memory, and SaaS integrations.
- Add human approval workflows for high-impact or state-changing actions.
- Run prompt injection and indirect prompt injection tests against affected workflows.
- Document the owner, control gap, and remediation deadline for this risk class.
Source
https://thehackernews.com/2026/06/google-doubleclick-abused-in-new.html