New Malware Targets Users of Cobra DocGuard Software
Essential information
- Published
- 19/03/2026 11:00
- Modified
- 19/03/2026 13:54
- Tags
- 2026-03-19 ballistic missiles cobra docguard data exfiltration evasion techniques infostealer.speagle korplug plugx supply chain attack
- Related entities
- 7 observables, 1 intrusion sets (apt), 20 techniques (mitre), 3 malware, 4 others
Description
A novel and stealthy threat called Infostealer.Speagle has been discovered, hijacking the functionality of Cobra DocGuard, a legitimate security software. This malware collects sensitive information from infected computers and transmits it to a compromised Cobra DocGuard server, masking the data exfiltration as legitimate communications. Speagle specifically targets computers with Cobra DocGuard installed and has shown capabilities to search for documents related to Chinese ballistic missiles. The infection vector remains unknown, but there are indications of a possible supply chain attack. The malware collects system information, file listings, and browser data in multiple phases, using sophisticated techniques to evade detection and self-delete after completing its tasks.