Advanced VoidLink Linux Malware Targets Cloud and Container Environments

Cybersecurity researchers have uncovered a new and highly advanced Linux malware framework called VoidLink, designed specifically to operate in cloud and container environments. First discovered in December 2025, this malware is considered a serious threat due to its ability to remain hidden and active for long periods.

According to a report from Check Point Research, VoidLink uses a modular and flexible architecture made up of custom loaders, implants, rootkit components, and dozens of plugins. This design allows attackers to easily expand or change the malware’s capabilities over time, similar to advanced attack frameworks such as Cobalt Strike.

VoidLink is built with a cloud-first approach. It can detect major cloud platforms, including AWS, Google Cloud, Microsoft Azure, Alibaba Cloud, and Tencent Cloud. The malware can also recognize when it is running inside Docker containers or Kubernetes pods and adjust its behavior accordingly, making it well-suited for modern infrastructure.

The malware offers a wide range of capabilities, such as stealing cloud credentials, SSH keys, API tokens, and Git-related data. It supports multiple command-and-control (C2) channels, including HTTP, DNS tunneling, and peer-to-peer communication. Attackers can manage infected systems through a web-based dashboard that enables full control over files, tasks, and plugins.

Check Point describes VoidLink as far more advanced than typical Linux malware. It includes strong anti-detection features, can erase traces of its activity, and can even modify its own code to evade security tools. The framework also analyzes the target environment’s security level and automatically adapts its evasion strategy. Researchers believe VoidLink is linked to China-affiliated threat actors.

This discovery highlights a growing shift in cyberattacks toward Linux-based cloud and container systems, which are now critical to modern IT operations. Organizations are strongly advised to strengthen cloud security, limit access permissions, and continuously monitor for suspicious activity to reduce the risk of compromise.
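One concrete step behind the advice to "limit access permissions" is to check that the credential artifacts the report says VoidLink harvests (cloud credentials, SSH keys, API tokens, Git credentials) are not readable by other accounts on the host. The script below is an added example written for this summary, not code from Check Point or from the malware itself; the file locations are common default paths under a user's home directory (an assumption, not locations taken from the report), and the demo home directory it audits is constructed on the fly with placeholder contents.

```python
import stat
import tempfile
from pathlib import Path

# Assumed default locations (relative to a home directory) for the kinds of
# secrets the report lists. These are common defaults, not paths from the report.
SENSITIVE_PATHS = [
    ".aws/credentials",
    ".config/gcloud/application_default_credentials.json",
    ".kube/config",
    ".ssh/id_rsa",
    ".ssh/id_ed25519",
    ".git-credentials",
    ".docker/config.json",
]

# Any permission bit for group or others means another account could read it.
GROUP_OR_WORLD = stat.S_IRWXG | stat.S_IRWXO


def audit_home(home):
    """Return (relative path, octal mode, reason) for each sensitive file that
    exists under `home` and is accessible to group or others."""
    findings = []
    for rel in SENSITIVE_PATHS:
        path = Path(home) / rel
        if not path.is_file():
            continue
        mode = stat.S_IMODE(path.stat().st_mode)
        if mode & GROUP_OR_WORLD:
            findings.append((rel, oct(mode), "readable by group or others"))
    return findings


def build_demo_home():
    """Construct a throwaway home directory with one correctly locked-down key
    and one loosely permissioned cloud credential file (placeholder contents)."""
    home = tempfile.mkdtemp()
    key = Path(home) / ".ssh" / "id_ed25519"
    key.parent.mkdir()
    key.write_text("constructed placeholder, not a real key\n")
    key.chmod(0o600)  # owner-only: should not be reported
    creds = Path(home) / ".aws" / "credentials"
    creds.parent.mkdir()
    creds.write_text("[default]\naws_access_key_id = PLACEHOLDER\n")
    creds.chmod(0o644)  # world-readable: should be reported
    return home


if __name__ == "__main__":
    for rel, mode, reason in audit_home(build_demo_home()):
        print(f"{rel}: mode {mode}, {reason}")
```

Running it prints one finding for the constructed `.aws/credentials` file and nothing for the owner-only SSH key. On a real host, run `audit_home` over each home directory (and over the service account homes that containers are started from), and treat any finding as a credential that would be exposed to any other process on the machine, not only to an implant running as that user.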

Source: https://thehackernews.com/2026/01/new-advanced-linux-voidlink-malware.html