A new Linux malware framework called VoidLink has been identified. It is built as a modular toolkit aimed at compromising cloud environments and Linux systems, and its sophisticated features suggest it may be geared toward espionage or supply-chain attacks targeting software engineers. #VoidLink #LinuxMalware #CloudSecurity #CobaltStrike
Key points
- VoidLink is a highly modular Linux malware framework targeting cloud environments and container systems.
- The framework includes custom loaders, implants, rootkits, and an API inspired by Cobalt Strike.
- It can identify major cloud platforms such as AWS, GCP, Azure, Alibaba, and Tencent, and adapt its behavior accordingly.
- VoidLink supports multiple command-and-control (C&C) channels, including HTTP, ICMP, DNS tunneling, and P2P communication.
- Operators control the malware via a Chinese-localized dashboard, deploying various post-exploitation plugins.
Read More: https://www.securityweek.com/voidlink-linux-malware-framework-targets-cloud-environments/