New Linux malware targets the cloud, steals creds, and then vanishes
theregister.co.uk
A brand-new Linux malware named VoidLink targets victims' cloud infrastructure with more than 30 plugins that allow attackers to perform a range of illicit activities, from silent reconnaissance and credential theft to lateral movement and container abuse.
When VoidLink detects tampering or malware analysis on an infected machine, it can delete itself and invoke anti-forensics modules designed to remove traces of its activity.
In December, Check Point Research discovered the previously unseen malware samples, which are written in Zig for Linux and appear to originate from a Chinese-affiliated development environment, with a command-and-control interface localized for Chinese operators.
The developers referred to it internally as "VoidLink," and the samples seemed to indicate an in-progress malware framework rather than a finished tool.
"The framework's intended use remains unclear, and as of this writing, no evidence of real-world infections has been observed," the research team said in a Tuesday report. "The way it ...
Copyright of this story solely belongs to theregister.co.uk.

