New Linux malware targets the cloud, steals creds
Briefly

"When VoidLink detects tampering or malware analysis on an infected machine, it can delete itself and invoke anti-forensics modules designed to remove traces of its activity. In December, Check Point Research discovered the previously unseen malware samples written in Zig for Linux and appearing to originate from a Chinese-affiliated development environment with a command-and-control interface localized for Chinese operators. The developers referred to it internally as 'VoidLink,' and the samples seemed to indicate an in-progress malware framework rather than a finished tool."
"After infecting a victim's machine, it scans for and detects AWS, Google Cloud Platform, Microsoft Azure, Alibaba, and Tencent, and its developers plan to add detections for Huawei, DigitalOcean, and Vultr. While malware operators have traditionally focused on Windows-based systems, VoidLink's cloud-first focus is significant. Government agencies, global enterprises, critical infrastructure and other high-value attack targets increasingly run on cloud-based services."
VoidLink is a Linux-focused malware framework built with more than 30 plugins enabling silent reconnaissance, credential theft, lateral movement, container abuse and other illicit actions. Samples written in Zig for Linux indicate a Chinese-affiliated development environment and a command-and-control interface localized for Chinese operators. The developers named the tool VoidLink and the samples suggest a work-in-progress framework rather than a finished product. The malware can detect numerous public cloud providers, including AWS, GCP, Azure, Alibaba and Tencent, with plans to add others. VoidLink can self-delete when tampering is detected and invokes anti-forensics modules to remove traces. No confirmed real-world infections have been observed.
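The coverage above says VoidLink identifies which of five public clouds it has landed on but not how. The script below is an added example of the most common way a Linux process fingerprints its cloud provider: reading the DMI/SMBIOS strings the hypervisor exposes under /sys/class/dmi/id. It is not VoidLink's code and not from Check Point or The Register; the signature table is an assumption drawn from publicly documented vendor values (the Azure chassis asset tag, the "Amazon EC2" vendor string, "Google Compute Engine", and the Alibaba and Tencent vendor names) and may miss newer instance types. For a detection engineer, the point is which files such a check touches: reads of sys_vendor, product_name, chassis_asset_tag and product_uuid by an unexpected binary, usually followed by a request to the 169.254.169.254 metadata endpoint, are the observable footprint of this reconnaissance step.

```python
# Added example: fingerprinting the cloud provider of a Linux host from DMI/SMBIOS
# strings in sysfs. Not VoidLink's code; the signature table is an assumption based
# on publicly documented vendor values, not on the malware's own detection list.
from pathlib import Path
from typing import Callable, Mapping, Optional, Union

DMI_DIR = Path("/sys/class/dmi/id")
DMI_KEYS = ("sys_vendor", "product_name", "bios_vendor", "bios_version",
            "chassis_asset_tag", "product_uuid")

# Azure stamps this constant asset tag into the chassis. The sys_vendor/product_name
# pair ("Microsoft Corporation"/"Virtual Machine") only says "Hyper-V", which
# on-prem hosts share, so it is deliberately not used as an Azure signal.
AZURE_ASSET_TAG = "7783-7084-3265-9085-8269-3286-77"


def _lc(d: Mapping[str, str], *keys: str) -> str:
    """Lower-cased concatenation of the named DMI fields for substring matching."""
    return " ".join(d[k] for k in keys).lower()


# Provider -> predicate over a normalized DMI dict (every key present, "" if unreadable).
# Order matters only for the first-match return in classify().
SIGNATURES: list[tuple[str, Callable[[Mapping[str, str]], bool]]] = [
    ("AWS", lambda d: d["sys_vendor"] == "Amazon EC2"                # Nitro instances
                   or "amazon" in _lc(d, "bios_version")             # older Xen instances
                   or _lc(d, "product_uuid").startswith("ec2")),
    ("GCP", lambda d: d["product_name"] == "Google Compute Engine"
                   or d["sys_vendor"] == "Google"),
    ("Azure", lambda d: d["chassis_asset_tag"] == AZURE_ASSET_TAG),
    ("Alibaba", lambda d: "alibaba" in _lc(d, "sys_vendor", "product_name")),
    ("Tencent", lambda d: "tencent" in _lc(d, "sys_vendor", "product_name")),
]


def read_dmi(dmi_dir: Union[Path, str] = DMI_DIR) -> dict[str, str]:
    """Read the DMI keys from sysfs.

    Entries that are missing or unreadable (product_uuid is root-only on most
    distributions) become "" so classify() never raises on a partial view.
    """
    dmi_dir = Path(dmi_dir)
    out: dict[str, str] = {}
    for key in DMI_KEYS:
        try:
            out[key] = (dmi_dir / key).read_text(encoding="utf-8", errors="replace").strip()
        except OSError:
            out[key] = ""
    return out


def classify(dmi: Mapping[str, str]) -> Optional[str]:
    """Return the first matching provider name, or None for bare metal / unknown hypervisor."""
    norm = {k: dmi.get(k, "") for k in DMI_KEYS}
    for name, matches in SIGNATURES:
        if matches(norm):
            return name
    return None


# Constructed sample DMI dumps for offline use. Values are modelled on public
# documentation, not captured from real hosts.
SAMPLES: dict[str, dict[str, str]] = {
    "aws_nitro": {"sys_vendor": "Amazon EC2", "product_name": "t3.micro"},
    "aws_xen": {"sys_vendor": "Xen", "bios_version": "4.2.amazon",
                "product_uuid": "EC2F9E0B-1234-5678-9ABC-DEF012345678"},
    "gcp": {"sys_vendor": "Google", "product_name": "Google Compute Engine"},
    "azure": {"sys_vendor": "Microsoft Corporation", "product_name": "Virtual Machine",
              "chassis_asset_tag": AZURE_ASSET_TAG},
    "alibaba": {"sys_vendor": "Alibaba Cloud", "product_name": "Alibaba Cloud ECS"},
    "tencent": {"sys_vendor": "Tencent Cloud", "product_name": "CVM"},
    # Generic Hyper-V guest: same vendor/product as Azure but no Azure asset tag.
    "hyperv_onprem": {"sys_vendor": "Microsoft Corporation", "product_name": "Virtual Machine"},
    "bare_metal": {"sys_vendor": "Dell Inc.", "product_name": "PowerEdge R740"},
}


if __name__ == "__main__":
    for label, dump in SAMPLES.items():
        print(f"{label:14s} -> {classify(dump)}")
    print("this host      ->", classify(read_dmi()) or "no cloud provider recognized")
```

Run as root to get product_uuid as well; unprivileged runs still classify Nitro, GCE, Azure, Alibaba and Tencent from the world-readable vendor strings. Because DMI strings are trivially spoofable from the hypervisor side, the same table also gives a sandbox operator a checklist of fields to present if the goal is to make a cloud-aware sample believe it has landed on its intended target.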
Read at The Register