The PolySwarm Blog

VoidLink: An Emerging Cloud-Focused Linux Malware Framework

Jan 20, 2026 1:03:14 PM / by The Hivemind posted in Threat Bulletin, C2 framework, Linux malware framework, cloud-native malware, Zig programming language, Linux rootkit, adaptive stealth, VoidLink malware, Chinese threat actors, container escape

Verticals Targeted: None confirmed
Regions Targeted: None confirmed
Related Families: None

Executive Summary

VoidLink is an advanced, modular Linux malware framework of apparent Chinese affiliation that focuses on cloud and container environments for stealthy, persistent access. Designed as a comprehensive post-exploitation tool with adaptive evasion and a plugin-based architecture, it remains in active development, with no real-world deployments observed to date.
