New Linux Threat VoidLink Uses Server-Side Rootkit Compilation and Zig Code to Target Cloud Environments

The Sysdig TRT team has identified VoidLink as a new Linux threat that employs server-side rootkit compilation and Zig code. This malware specifically targets AWS and Azure cloud environments with adaptive stealth capabilities. The analysis reveals that VoidLink represents a significant evolution in Linux threats, combining custom compilation techniques to evade detection in cloud infrastructures.