Saved February 14, 2026
Researchers found a sophisticated malware framework called VoidLink that targets Linux machines, particularly in cloud environments. It has over 30 customizable modules for reconnaissance, privilege escalation, and stealth, indicating a shift towards targeting Linux systems by professional threat actors.
Researchers have identified a new type of malware called VoidLink that specifically targets Linux machines. Unlike typical Linux threats, VoidLink incorporates over 30 customizable modules, allowing attackers to tailor their approach based on specific goals for each infected system. These modules enhance stealth and provide tools for reconnaissance, privilege escalation, and lateral movement within networks. The flexibility of adding or removing components makes it particularly adaptable during a cyber campaign.
VoidLink can detect when an infected machine is running in a major cloud environment such as AWS, GCP, Azure, Alibaba, or Tencent, with plans to add detection for Huawei, DigitalOcean, and Vultr in future updates. It does this by accessing metadata through the relevant vendor's API. This marks a significant shift: malware targeting Windows servers has been prevalent for years, but similar threats for Linux are less common.
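The metadata lookups described above give defenders a signal to watch for. The following is an added example, not code from the article or from Check Point: it scans outbound-connection records for processes outside an allowlist that contact cloud metadata addresses, and rates a process that contacts more than one provider's address higher. The log format, the allowlist, and the assumption that a cloud-fingerprinting process may try several providers' endpoints are all constructed for illustration.

```python
from collections import defaultdict

# Well-known instance-metadata addresses for the providers the article names.
METADATA_ENDPOINTS = {
    "169.254.169.254": "AWS/GCP/Azure",
    "100.100.100.200": "Alibaba",
    "169.254.0.23": "Tencent",
}
# Hypothetical allowlist: processes expected to read metadata on this host.
ALLOWED = {"cloud-init", "amazon-ssm-agent", "google_guest_agent", "waagent"}

# Constructed sample records: "timestamp pid process dst_ip:dst_port"
SAMPLE_LOG = """\
2026-01-10T08:00:01Z 412 cloud-init 169.254.169.254:80
2026-01-10T08:00:05Z 977 nginx 10.0.3.17:5432
2026-01-10T09:14:22Z 3310 kworker-upd 169.254.169.254:80
2026-01-10T09:14:22Z 3310 kworker-upd 100.100.100.200:80
2026-01-10T09:14:23Z 3310 kworker-upd 169.254.0.23:80
2026-01-10T09:30:00Z 4021 backup.sh 169.254.169.254:80
malformed line
"""

def parse(line):
    """Return (timestamp, pid, process, dst_ip), or None for a malformed record."""
    parts = line.split()
    if len(parts) != 4 or ":" not in parts[3]:
        return None
    ts, pid, proc, dst = parts
    ip, _, port = dst.rpartition(":")
    if not (pid.isdigit() and port.isdigit()):
        return None
    return ts, int(pid), proc, ip

def find_metadata_probes(log_text, allowed=ALLOWED):
    """Flag non-allowlisted processes that contact metadata endpoints."""
    seen = defaultdict(set)  # (pid, process) -> provider groups contacted
    for line in log_text.splitlines():
        rec = parse(line)
        if rec is None:
            continue  # skip unparseable records rather than abort the scan
        _, pid, proc, ip = rec
        if ip in METADATA_ENDPOINTS and proc not in allowed:
            seen[(pid, proc)].add(METADATA_ENDPOINTS[ip])
    # One provider is unusual; several from one process suggests fingerprinting.
    return [{"pid": pid, "process": proc, "providers": sorted(provs),
             "severity": "high" if len(provs) > 1 else "medium"}
            for (pid, proc), provs in sorted(seen.items())]

if __name__ == "__main__":
    for finding in find_metadata_probes(SAMPLE_LOG):
        print(finding)
```

In practice the records would come from host telemetry such as audit or flow logs, and the allowlist would be built from the agents actually deployed on the image.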
Check Point researchers emphasize that VoidLink is notably advanced compared to typical Linux malware, suggesting a growing focus on Linux systems and cloud infrastructures by attackers. The design of VoidLink indicates a level of sophistication and planning typically associated with professional threat actors. This raises concerns for organizations that might remain unaware of their compromised systems, as the malware is built for long-term, stealthy access, especially in public cloud and containerized environments.