VoidLink: The Cloud-Native Malware Framework Weaponizing Linux Infrastructure
Check Point, Tuesday, January 13th, 2026
Check Point Research has identified a new and highly advanced malware framework, VoidLink, designed specifically to operate inside modern Linux-based cloud environments.
Key Points:
VoidLink is a cloud-native Linux malware framework built to maintain long-term, stealthy access to cloud infrastructure rather than targeting individual endpoints.
It reflects a shift in attacker focus away from Windows systems toward the Linux environments that power cloud services and critical operations.
Its modular, plug-in-driven design allows threat actors to customize capabilities over time, expanding attacks quietly as objectives evolve.
Adaptive stealth enables it to operate differently depending on defenses, prioritizing evasion in monitored environments and speed where visibility is limited.