VoidLink Malware Puts Cloud Systems on High Alert With Custom Built Attacks

Sysdig TRT analysis reveals VoidLink as a revolutionary Linux threat. Using Serverside Rootkit Compilation and Zig code, it targets AWS and Azure with adaptive stealth.

A highly adaptable threat named VoidLink is putting cloud environments on high alert. First brought to light by Check Point Research on January 14, 2026, and reported by hackread.com, this Chinese-developed framework is designed to infiltrate critical business infrastructure.

The Breakthrough: Serverside Rootkit Compilation (SRC)

Following the discovery, the Sysdig Threat Research Team (TRT) identified a ground-breaking technical feature: Serverside Rootkit Compilation (SRC). Typically, hackers face a portability problem, where a virus built for one version of Linux crashes on another.

VoidLink solves this by not including a rootkit in the initial download. Instead, its Command-and-Control (C2) server compiles a custom rootkit on demand for each specific victim. The malware profiles the exact kernel version of the infected machine and sends those details to ...