An undocumented Linux backdoor called GhostPenguin was discovered using AI-driven threat hunting. This multi-threaded C++ malware provides remote shell access and file system operations over an encrypted UDP channel. It uses a structured handshake mechanism and synchronizes threads for registration, heartbeat signaling, and command delivery. The discovery involved analyzing zero-detection Linux samples from VirusTotal, extracting artifacts, and using AI for automated profiling. Custom YARA rules and queries helped surface this evasive threat. Analysis revealed GhostPenguin is still in development, with debug artifacts present. The malware's comprehensive capabilities include remote shell access, file manipulation, and directory operations.