Unveiling VoidLink – A Stealthy, Cloud-Native Linux Malware Framework
ID: 7a032639-0701-5df9-a63b-7c2018fae168
STIX ID: report--7a032639-0701-5df9-a63b-7c2018fae168
Feed Name: Check Point Research
**Executive summary:** Check Point Research describes VoidLink, a rapidly evolving, cloud-first Linux malware framework written in Zig. It provides a modular plugin system, kernel- and user-mode rootkits (LD_PRELOAD, LKM, eBPF), adaptive evasion, multiple C2 transports (HTTP/HTTPS, DNS, ICMP, mesh), credential- and secret-harvesting modules, and an operator dashboard with build-on-demand capabilities. The framework is highly capable and potentially intended for commercial use, but the report notes development artifacts and no confirmed real-world infections to date.
