
Just a sample of the Echomail archive

Cooperative anarchy at its finest, still active today. Darkrealms is the Zone 1 Hub.

   CONSPRCY      How big is your tinfoil hat?      2,445 messages   


   Message 2,212 of 2,445   
   Mike Powell to All   
   New Chinese Linux malware   
   14 Jan 26 09:57:01   
   
   TZUTC: -0500   
   MSGID: 1970.consprcy@1:2320/105 2dccec6f   
   PID: Synchronet 3.21a-Linux master/123f2d28a Jul 12 2025 GCC 12.2.0   
   TID: SBBSecho 3.28-Linux master/123f2d28a Jul 12 2025 GCC 12.2.0   
   BBSID: CAPCITY2   
   CHRS: ASCII 1   
   FORMAT: flowed   
   Experts warn this new Chinese Linux malware could be preparing something   
   seriously worrying   
      
   Date:   
   Wed, 14 Jan 2026 13:30:00 +0000   
      
   Description:   
   Check Point uncovers full C2 platform with loaders, implants, rootkits, and   
   modular plugins.   
      
   FULL STORY   
      
   Check Point Research (CPR) has uncovered a previously unknown and unusually   
   advanced Linux malware framework called VoidLink.    
      
   In an in-depth report, CPR says VoidLink is cause for concern since it is a   
   full command-and-control (C2) platform with loaders, implants, rootkits, and   
   more than 30 modular plugins.    
      
   All these features are designed to give attackers stealthy, persistent, and   
   long-term control over compromised systems, and were being developed as   
   recently as late 2025.   
      
   Hackers gearing up for something?    
      
   VoidLink is a cloud-first solution, CPR explained. After deployment, the   
   malware fingerprints its environment to determine if it's running on AWS,   
   Azure, GCP, Alibaba, or Tencent Cloud, and whether it is inside Docker   
   containers or Kubernetes pods.    
      
   It then adapts its behavior and harvests cloud metadata, API credentials, Git   
   credentials, tokens, and secrets. All things considered, it would seem that   
   DevOps engineers and cloud admins are the most likely targets.    
      
   VoidLink is also extremely stealthy. It profiles the host system, detects   
   security tools, and calculates a risk score which then determines how   
   aggressively, or quietly, it is allowed to operate. On some systems, it will   
   scan ports and network communications. On others, it won't - all depending on   
   how well-guarded the target system is.    
      
   So far, there is no evidence that the framework is being abused in the wild,   
   CPR says. This could mean two things - the developers are either currently   
   building out the solution, with plans to offer it for sale (or rent) in the   
   future, or they're developing it for a single, well-paying client.   
      
   In any case, the developers are Chinese, and likely state-affiliated, at    
   that. If that really is the case, then the framework is likely being   
   developed with cyber-espionage, data theft, and persistent access in mind.   
      
   "The sheer number of features and its modular architecture show that the   
   authors intended to create a sophisticated, modern and feature-rich   
   framework," Check Point researchers concluded.    
      
   ======================================================================   
   Link to news story:   
   https://www.techradar.com/pro/security/experts-warn-this-new-chinese-linux-malware-could-be-preparing-something-seriously-worrying   
      
   $$   
   --- SBBSecho 3.28-Linux   
    * Origin: Capitol City Online (1:2320/105)   
   SEEN-BY: 105/81 106/201 128/187 129/14 305 153/7715 154/110 218/700   
   SEEN-BY: 226/30 227/114 229/110 134 206 300 307 317 400 426 428 470   
   SEEN-BY: 229/664 700 705 266/512 291/111 320/219 322/757 342/200 396/45   
   SEEN-BY: 460/58 633/280 712/848 902/26 2320/0 105 304 3634/12 5075/35   
   PATH: 2320/105 229/426   
      
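The article above says VoidLink fingerprints its host (which cloud, whether it is in Docker or Kubernetes), enumerates cloud and Git credentials, and scores the security tooling present before deciding how loudly to operate. The block below is an added illustration of that kind of host-profiling logic, written for this page; it is not code from the post, from TechRadar, or from Check Point's report, and nothing in it comes from VoidLink itself. The DMI vendor strings, metadata endpoints, credential file paths and tool names are assumptions based on common platform conventions, and the host snapshot is constructed so the code runs offline. The same lists double as a defender's watchlist: these are the files and endpoints worth auditing on a DevOps box.

```python
# Added example: host profiling of the kind the article attributes to VoidLink.
# NOT VoidLink's code. All signatures, paths, endpoints and tool names below are
# assumptions drawn from common platform conventions; the snapshot is constructed.
from __future__ import annotations
from dataclasses import dataclass, field


@dataclass
class HostSnapshot:
    """Offline stand-in for a live host: file contents, environment, process names."""
    files: dict[str, str] = field(default_factory=dict)
    env: dict[str, str] = field(default_factory=dict)
    processes: list[str] = field(default_factory=list)

    def read(self, path: str) -> str:
        return self.files.get(path, "")


# Assumed DMI substrings (lower-cased) that identify each provider's VMs.
DMI_SIGNATURES = {
    "aws": ["amazon"],
    "azure": ["microsoft corporation"],
    "gcp": ["google"],
    "alibaba": ["alibaba"],
    "tencent": ["tencent"],
}
# Assumed instance-metadata endpoints; verify against each vendor's docs.
METADATA_ENDPOINTS = {
    "aws": "http://169.254.169.254/latest/meta-data/",
    "azure": "http://169.254.169.254/metadata/instance?api-version=2021-02-01",
    "gcp": "http://metadata.google.internal/computeMetadata/v1/",
    "alibaba": "http://100.100.100.200/latest/meta-data/",
    "tencent": "http://metadata.tencentyun.com/latest/meta-data/",
}
# Assumed credential locations (relative to $HOME) and environment variables.
CREDENTIAL_FILES = [".aws/credentials", ".azure/accessTokens.json",
                    ".config/gcloud/credentials.db", ".kube/config",
                    ".docker/config.json", ".git-credentials"]
CREDENTIAL_ENV = ["AWS_ACCESS_KEY_ID", "AWS_SECRET_ACCESS_KEY", "AZURE_CLIENT_SECRET",
                  "GOOGLE_APPLICATION_CREDENTIALS", "GITHUB_TOKEN"]
K8S_SA_TOKEN = "/var/run/secrets/kubernetes.io/serviceaccount/token"
# Assumed security tools, weighted by how much they constrain an intruder.
SECURITY_TOOLS = {"falcon-sensor": 5, "falco": 4, "wazuh-agent": 3,
                  "osqueryd": 3, "auditd": 2}
QUIET_THRESHOLD = 5  # at or above this score the profile recommends "quiet" mode


def detect_cloud(snap: HostSnapshot) -> str | None:
    """Match DMI vendor/product strings against the provider signature table."""
    dmi = " ".join(snap.read(p) for p in ("/sys/class/dmi/id/sys_vendor",
                                          "/sys/class/dmi/id/product_name",
                                          "/sys/class/dmi/id/bios_vendor")).lower()
    for provider, needles in DMI_SIGNATURES.items():
        if any(n in dmi for n in needles):
            return provider
    return None


def detect_container(snap: HostSnapshot) -> str | None:
    """Kubernetes is checked first because a pod is also a container."""
    cgroup = snap.read("/proc/1/cgroup")
    if snap.env.get("KUBERNETES_SERVICE_HOST") or "kubepods" in cgroup:
        return "kubernetes"
    if "/.dockerenv" in snap.files or "docker" in cgroup:
        return "docker"
    return None


def credential_sources(snap: HostSnapshot, provider: str | None) -> list[str]:
    """Everything on this host a credential harvester would read."""
    home = snap.env.get("HOME", "/root")
    found = [f"{home}/{f}" for f in CREDENTIAL_FILES if f"{home}/{f}" in snap.files]
    found += [f"env:{v}" for v in CREDENTIAL_ENV if v in snap.env]
    if K8S_SA_TOKEN in snap.files:
        found.append(K8S_SA_TOKEN)
    if provider:
        found.append(METADATA_ENDPOINTS[provider])
    return found


def risk_score(snap: HostSnapshot) -> int:
    """Sum the weights of every known security tool seen in the process list."""
    return sum(w for name, w in SECURITY_TOOLS.items()
               if any(name in p for p in snap.processes))


def profile(snap: HostSnapshot) -> dict:
    provider = detect_cloud(snap)
    score = risk_score(snap)
    return {"cloud": provider, "container": detect_container(snap),
            "credential_sources": credential_sources(snap, provider),
            "risk_score": score,
            "mode": "quiet" if score >= QUIET_THRESHOLD else "aggressive"}


# Constructed snapshot: an EC2 node hosting a Kubernetes pod, Falco and auditd running.
SAMPLE = HostSnapshot(
    files={"/sys/class/dmi/id/sys_vendor": "Amazon EC2\n",
           "/sys/class/dmi/id/product_name": "t3.medium\n",
           "/proc/1/cgroup": "0::/kubepods/burstable/pod1234/abcd\n",
           "/root/.aws/credentials": "[default]\naws_access_key_id = EXAMPLEKEY\n",
           "/root/.git-credentials": "https://user:token@git.example.invalid\n",
           K8S_SA_TOKEN: "eyJ-constructed-sample\n"},
    env={"HOME": "/root", "KUBERNETES_SERVICE_HOST": "10.96.0.1",
         "GITHUB_TOKEN": "constructed-sample-token"},
    processes=["systemd", "containerd", "falco", "auditd", "sshd"],
)

if __name__ == "__main__":
    import json
    print(json.dumps(profile(SAMPLE), indent=2))
```

Read as a defender, `credential_sources` is the file and endpoint list to put under `auditd` or Falco watch on a DevOps host, and the metadata endpoint is the one place where a platform control helps most: on AWS, requiring IMDSv2 and keeping the response hop limit at 1 stops a process inside a container from reaching the node's instance credentials through the metadata service.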



(c) 1994,  bbs@darkrealms.ca