New Linux malware targets the cloud, steals creds, and then vanishes
Cloud-native, 37 plugins, an attacker's dream
Jessica Lyons
Wed 14 Jan 2026 // 20:39 UTC
A brand-new Linux malware named VoidLink targets victims' cloud infrastructure with more than 30 plugins that allow attackers to perform a range of illicit activities, from silent reconnaissance and credential theft to lateral movement and container abuse.
When VoidLink detects tampering or malware analysis on an infected machine, it can delete itself and invoke anti-forensics modules designed to remove traces of its activity.
In December, Check Point Research discovered the previously unseen malware samples, which are written in Zig for Linux and appear to originate from a Chinese-affiliated development environment, with a command-and-control interface localized for Chinese operators.
The developers referred to it internally as "VoidLink," and the samples seemed to indicate an in-progress malware framework rather than a finished tool.
Snip...
https://www.theregister.com/2026/01/14/voidlink_linux_malware/