StratosAlly – Cybersecurity for digital safety

New Speagle Malware Exploits Cobra DocGuard in Targeted Data Theft Campaign

StratosAlly

A newly discovered malware named Speagle is turning trusted security software into a covert data exfiltration channel.

According to researchers from Symantec and Carbon Black, the malware specifically targets systems running Cobra DocGuard and silently collects sensitive data. What makes this campaign particularly dangerous is how the stolen information is transmitted—through compromised DocGuard servers—making the traffic appear legitimate and difficult to detect.

This isn’t your usual spray-and-pray attack. Speagle is picky: it only shows up where Cobra DocGuard is running, which basically screams “this was planned.” Researchers are calling this campaign Runningcrab, and the vibe isn’t random hacker chaos; it looks more like something backed by a government or a hired cyber crew doing intel work.

This level of precision suggests potential industrial espionage, rather than financially motivated cybercrime.

By blending malicious activity with trusted application behavior, attackers can remain undetected for extended periods, quietly extracting valuable data.

For organizations, this incident highlights a critical shift in the threat landscape: even trusted software can become an attack vector.

Security teams should:

  • Monitor unusual behavior within legitimate applications
  • Avoid assuming trusted tools are inherently safe
  • Ensure systems and software are regularly updated

Speagle is a reminder that modern attacks don’t always break systems—they blend into them.
