"VoidLink, the newly spotted Linux malware that targets victims' clouds with 37 evil plugins, was generated "almost entirely by artificial intelligence" and likely developed by just one person, according to the research team that discovered the do-it-all implant. Last week, Check Point Research published a report on the never-before-seen malware samples, originally discovered in December, and said it seemed to be an in-progress framework - not a fully production-ready tool - that originated from a Chinese-affiliated development environment."
"Plus, it's packed with custom loaders, implants, rootkits, and numerous modules that provide attackers with a whole range of stealthy, operational-security capabilities, making it "far more advanced than typical Linux malware," Check Point said. In a new analysis published Tuesday, the security shop said the malware was likely not the product of a large, well-resourced development team, despite initially appearing that way."
VoidLink targets Linux-based cloud environments and automatically scans for AWS, Google Cloud Platform, Microsoft Azure, Alibaba, and Tencent. The implant includes 37 plugins along with custom loaders, implants, rootkits, and numerous modules that provide stealthy operational-security capabilities. Development artifacts indicate the framework reached a first functional implant in under a week. Internal development artifacts suggest the project originated in a Chinese-affiliated development environment and was planned with a 30-week timeline that did not match observed rapid development. The development plan and much of the code were generated and orchestrated by an AI model, likely under the direction of a single individual.
Read at Theregister
Unable to calculate read time
Collection
[
|
...
]