Researchers found a sophisticated malware framework called VoidLink that targets Linux machines, particularly in cloud environments. It has over 30 customizable modules for reconnaissance, privilege escalation, and stealth, indicating a shift towards targeting Linux systems by professional threat actors.

VoidLink is a sophisticated malware framework targeting Linux systems, designed for stealthy, long-term access in cloud environments. It features a flexible architecture with over 30 plugins, capable of adapting its behavior based on the detected environment and employing various evasion techniques. The framework is linked to Chinese-affiliated developers and shows signs of rapid evolution.