Threat Intelligence, Malware

New Speagle malware hijacks Cobra DocGuard for data theft

A newly identified malware strain named Speagle exploits the functionality and infrastructure of the legitimate Cobra DocGuard program to steal sensitive information. This sophisticated attack disguises data exfiltration as normal communication between the client and server, as reported by The Hacker News.

Speagle is designed to target only systems that have Cobra DocGuard, a document security and encryption platform, installed. Researchers suspect this indicates a deliberate effort at intelligence gathering or industrial espionage, potentially by a state-sponsored actor or a private contractor. The malware uses a compromised Cobra DocGuard server for command-and-control and data exfiltration. It also uses a Cobra DocGuard driver to delete itself from infected systems.

Once active, Speagle harvests system details and specific files, including browser history and autofill data. One variant has shown the capability to search for files related to Chinese ballistic missiles, such as the Dongfeng-27.

Source: The Hacker News
