Speagle Malware Hijacks Cobra DocGuard to Exfiltrate Data via Compromised Legitimate Servers
20 Mar 2026 Peter Bassill
Symantec and Carbon Black researchers have uncovered Speagle, a novel parasitic malware that abuses the Cobra DocGuard document security platform to harvest sensitive data and exfiltrate it through the software's own compromised server infrastructure — masking malicious traffic as legitimate client-server communications. The campaign, tracked as Runningcrab, appears to specifically target organisations with Cobra DocGuard installed.