Check Point researchers have discovered a modular malware framework likely designed by Chinese developers to harvest credentials for cloud environments.

CSO Online offers insights into cybersecurity, risk management, and IT leadership, providing articles, reports, and expert analysis to help security professionals navigate the evolving threat landscape and protect their organizations from cyber attacks. By exploring CSO Online's curated content, CISOs, security managers, and IT executives can learn about threat intelligence, security frameworks, and incident response strategies for building resilient cybersecurity programs. Whether you're defending against ransomware, phishing attacks, or insider threats, CSO Online offers resources to strengthen your security posture and safeguard your digital assets.

CSO Online

Check Point researchers discovered VoidLink, a sophisticated modular malware framework written in Zig that targets Linux cloud servers. The malware detects major cloud platforms (AWS, GCP, Azure, Alibaba, Tencent) and containerized environments (Docker, Kubernetes), adapting its behavior accordingly. It features 37 default plug-ins, a professional Chinese-localized C2 dashboard, and advanced evasion techniques including rootkit components, EDR detection, and encrypted C2 traffic hidden in image and web files. The framework calculates environment risk scores to select optimal stealth strategies, harvests cloud credentials and source code repository access, and appears designed for long-term surveillance and data collection in cloud environments.

Sophisticated VoidLink malware framework targets Linux cloud servers