VoidLink AI-generated malware development analysis
Technical Analysis
Summary
Hide ▲
Show ▼
VoidLink is a Linux-based C2 framework with multi-cloud targeting and modular implants built for credential theft, data exfiltration and stealthy persistence. New analysis from Ontinue adds that the agent includes LLM-assisted development artefacts such as “Phase X:” labels, verbose debug logs and embedded documentation, while still operating as an implant with live infrastructure. The malware fingerprints AWS, Google Cloud Platform, Microsoft Azure, Alibaba Cloud and Tencent Cloud, and uses AES-256-GCM over HTTPS for C2 traffic.
Related Happenings
AWS Continuum launches AI-powered vulnerability management lifecycle platform
Security Tool/Service
H score14
First: 19.06.2026 14:00
Last: 19.06.2026 14:00
Sources 1
About this happening:
**AWS Continuum** launched in **gated preview** as a new **AI-powered vulnerability management platform** for AWS environments, expanding security teams’ ability to manage code fl...
AWS Continuum launches AI-powered vulnerability management lifecycle platform
Security Tool/ServiceAbout this happening: **AWS Continuum** launched in **gated preview** as a new **AI-powered vulnerability management platform** for AWS environments, expanding security teams’ ability to manage code fl...
Google AI Threat Defense launch adds autonomous AI-attack detection and remediation for enterprises
Security Tool/Service
H score20
First: 28.05.2026 12:55
Last: 28.05.2026 12:55
Sources 1
About this happening:
Google Cloud launched **Google AI Threat Defense**, an **always-on autonomous** security platform aimed at stopping **AI-powered cyberattacks** across enterprise environments. The...
Google AI Threat Defense launch adds autonomous AI-attack detection and remediation for enterprises
Security Tool/ServiceAbout this happening: Google Cloud launched **Google AI Threat Defense**, an **always-on autonomous** security platform aimed at stopping **AI-powered cyberattacks** across enterprise environments. The...
Quasar Linux (QLNX) Linux RAT targeting developer credentials
Malware Activity
H score28
First: 06.05.2026 12:48
Last: 06.05.2026 12:48
Sources 1
About this happening:
The **Quasar Linux (QLNX)** RAT has been identified as a **Linux backdoor** that can steal **developer credentials** and compromise software-supply-chain publishing pipelines. It...
Quasar Linux (QLNX) Linux RAT targeting developer credentials
Malware ActivityAbout this happening: The **Quasar Linux (QLNX)** RAT has been identified as a **Linux backdoor** that can steal **developer credentials** and compromise software-supply-chain publishing pipelines. It...
Gemini Enterprise Agent Platform launch adds agent identity, policy enforcement, and anomaly detection controls
Security Tool/Service
H score11
First: 23.04.2026 15:00
Last: 23.04.2026 15:00
Sources 1
About this happening:
Google Cloud expanded **Gemini Enterprise Agent Platform** with new security controls for **AI agents**, giving organizations more visibility and policy enforcement for autonomous...
Gemini Enterprise Agent Platform launch adds agent identity, policy enforcement, and anomaly detection controls
Security Tool/ServiceAbout this happening: Google Cloud expanded **Gemini Enterprise Agent Platform** with new security controls for **AI agents**, giving organizations more visibility and policy enforcement for autonomous...
Zealot autonomous AI cloud intrusion proof of concept
Technical Analysis
H score28
First: 23.04.2026 13:09
Last: 23.04.2026 13:09
Sources 1
About this happening:
**Palo Alto Networks Unit 42** built **Zealot**, an autonomous AI agent that successfully attacked an isolated **Google Cloud Platform** environment, showing that machine-speed ad...
Zealot autonomous AI cloud intrusion proof of concept
Technical AnalysisAbout this happening: **Palo Alto Networks Unit 42** built **Zealot**, an autonomous AI agent that successfully attacked an isolated **Google Cloud Platform** environment, showing that machine-speed ad...
Timeline
-
21.01.2026 14:51 3 articles · 5mo ago
VoidLink AI-built analysis by Check Point Research
Technical Analysis UpdateCheck Point Research concluded that VoidLink, a Linux malware targeting Linux-based cloud servers, was largely built by AI under one person’s direction, with over 30 modular plugins and exposed planning documents indicating a planned 30-week effort that appeared to have progressed from concept to a working malware framework in about four weeks.
Show sources
- VoidLink Linux Malware Was Built Using an AI Agent, Researchers Reveal — www.infosecurity-magazine.com — 21.01.2026 14:51
- VoidLink Linux Malware Was Built Using an AI Agent, Researchers Reveal — www.infosecurity-magazine.com — 21.01.2026 14:51
- VoidLink Malware Exhibits Multi-Cloud Capabilities and AI Code — www.infosecurity-magazine.com — 09.02.2026 17:25