Researchers unsure of purpose of new VoidLink Linux malware


Could be advanced, commercial pentesting tool.

Check Point Software researchers have discovered what they say is a cloud-first malware framework aimed at Linux-based operating systems, with an unusually broad set of features, but they are not sure what its intended purpose is.

In December last year, Check Point Research (CPR) first identified a small cluster of previously unnoticed Linux malware, which it named VoidLink, that seemed to originate from a China-affiliated development environment.

VoidLink has an "extremely flexible and highly modular" architecture that offers full command and control abilities, with over 30 plugins, operational security protection and an ability to recognise major cloud environments. 

No deployment of VoidLink has been observed so far, CPR said, adding that the framework could be a work in progress, as the binaries it found contained debug symbols and other development artifacts.

"The framework's intended use remains unclear, and as of this [sic] writing, no evidence of real-world infections has been observed," CPR said.

"Although it is not clear if the framework is intended to be sold as a legitimate penetration testing tool, as a tool for the criminal underground, or as a dedicated product for a single customer, defenders should proactively secure their Linux, cloud, and container environments and be prepared to defend against advanced threats such as VoidLink," CPR said.

Either way, CPR said VoidLink is "an impressive piece of software, written in Zig for Linux, and it is far more advanced than typical Linux malware."

Copyright © iTnews.com.au . All rights reserved.