VoidLink: Cloud-Native Linux Malware Framework

VoidLink is a sophisticated, cloud-native Linux malware framework identified by Check Point Research in 2025. It is designed for stealthy, long-term access, surveillance, and data collection in modern cloud environments. The malware can detect major cloud providers, recognize when it is running inside Kubernetes or Docker, and harvest credentials from cloud environments and version control systems. VoidLink features rootkit-style capabilities, an in-memory plugin system, adaptive stealth, and multiple command-and-control channels. It also includes a web-based dashboard for operators to control agents, implants, and plugins, with a plugin management panel to deploy modules to victims.