The Cloud-Native Malware Framework
Essential information
- Published
- 13/01/2026 13:59
- Modified
- 13/01/2026 16:31
- Tags
- 2026-01-13 chinese-affiliated cloud-native framework linux malware plugins rootkit stealth voidlink
- Related entities
- 3 observables, 14 techniques (mitre), 1 malware
Description
VoidLink is an advanced malware framework for Linux systems, built for cloud and container environments. It ships custom loaders, implants, rootkits and modular plugins for long-term access, organised around a flexible architecture whose Plugin API is modelled on Cobalt Strike's. The framework protects itself with several anti-analysis mechanisms, including runtime code encryption and behaviour that adapts to the environment it detects. Developed by Chinese-affiliated developers, it demonstrates high technical expertise across multiple programming languages. Its capabilities include cloud-focused tooling, credential harvesting and several command-and-control channels. While its intended use remains unclear, VoidLink appears to be positioned for potential commercial use.
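The environment-adaptive behaviour and credential harvesting described above suggest a simple host-level hunting heuristic: a single process that both probes container/cloud indicators (for example reading /.dockerenv or /proc/1/cgroup) and then touches cloud credential files or the instance-metadata service. The Python below is an added example written for this page; it is not VoidLink code and contains no indicators from the report. The fingerprint paths, credential suffixes, metadata hosts and the simplified audit log format are generic assumptions, and the sample log lines are constructed.

```python
"""Hunting heuristic for cloud/container-aware implants: flag any process that
both fingerprints its runtime environment and reaches for cloud credentials or
the instance-metadata service. Added example; generic assumptions throughout."""
import re
from dataclasses import dataclass, field

# Paths commonly read to decide whether code runs inside a container or pod
# (ASSUMPTION: generic list, not indicators from the VoidLink report).
ENV_FINGERPRINT_PATHS = {
    "/.dockerenv",
    "/proc/1/cgroup",
    "/proc/self/mountinfo",
    "/run/.containerenv",
}

# Credential material typically present on cloud hosts and inside pods
# (ASSUMPTION: generic suffixes, matched against the end of the opened path).
CRED_PATH_SUFFIXES = (
    ".aws/credentials",
    ".kube/config",
    ".docker/config.json",
    ".config/gcloud/credentials.db",
    "kubernetes.io/serviceaccount/token",
)

# Link-local instance-metadata endpoints of the major clouds (ASSUMPTION).
METADATA_HOSTS = {"169.254.169.254", "fd00:ec2::254", "metadata.google.internal"}

# Simplified, constructed audit record: "<ts> pid=<n> comm=<name> op=open|connect target=<path|host:port>"
LINE_RE = re.compile(
    r"^(?P<ts>\S+) pid=(?P<pid>\d+) comm=(?P<comm>\S+) "
    r"op=(?P<op>open|connect) target=(?P<target>\S+)$"
)


@dataclass
class ProcState:
    """Evidence accumulated per pid."""
    comm: str
    fingerprint: set = field(default_factory=set)
    credentials: set = field(default_factory=set)
    metadata: set = field(default_factory=set)


def parse_line(line: str):
    """Return the record's fields as a dict, or None for a malformed line."""
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None


def classify(op: str, target: str):
    """Map one event to an evidence category, or None if it is uninteresting."""
    if op == "open":
        if target in ENV_FINGERPRINT_PATHS:
            return "fingerprint"
        if target.endswith(CRED_PATH_SUFFIXES):
            return "credentials"
        return None
    # connect: strip the port and any IPv6 brackets before matching the host
    host = target.rsplit(":", 1)[0].strip("[]")
    return "metadata" if host in METADATA_HOSTS else None


def analyze(lines):
    """Group events by pid and alert when fingerprinting co-occurs with
    credential access or a metadata-service connection from the same process."""
    procs = {}
    for line in lines:
        ev = parse_line(line)
        if ev is None:
            continue  # skip malformed records rather than failing the hunt
        cat = classify(ev["op"], ev["target"])
        if cat is None:
            continue
        st = procs.setdefault(ev["pid"], ProcState(ev["comm"]))
        getattr(st, cat).add(ev["target"])
    alerts = []
    for pid, st in procs.items():
        if st.fingerprint and (st.credentials or st.metadata):
            alerts.append({
                "pid": pid, "comm": st.comm,
                "fingerprint": sorted(st.fingerprint),
                "credentials": sorted(st.credentials),
                "metadata": sorted(st.metadata),
            })
    return alerts


# Constructed sample log: two benign processes and one that fits the pattern.
SAMPLE_LOG = [
    "2026-01-13T14:02:11Z pid=412 comm=kubelet op=open target=/proc/1/cgroup",
    "2026-01-13T14:02:15Z pid=977 comm=aws op=open target=/root/.aws/credentials",
    "2026-01-13T14:02:15Z pid=977 comm=aws op=connect target=169.254.169.254:80",
    "2026-01-13T14:03:01Z pid=2231 comm=kworker/0:1 op=open target=/.dockerenv",
    "2026-01-13T14:03:01Z pid=2231 comm=kworker/0:1 op=open target=/proc/1/cgroup",
    "2026-01-13T14:03:02Z pid=2231 comm=kworker/0:1 op=connect target=[fd00:ec2::254]:80",
    "2026-01-13T14:03:04Z pid=2231 comm=kworker/0:1 op=open target=/root/.kube/config",
    "2026-01-13T14:03:04Z pid=2231 comm=kworker/0:1 op=open target=/var/run/secrets/kubernetes.io/serviceaccount/token",
    "garbage line that should be ignored",
]

if __name__ == "__main__":
    for alert in analyze(SAMPLE_LOG):
        print(alert)
```

The conjunction matters: the kubelet legitimately reads cgroups and the AWS CLI legitimately reads credentials and queries the metadata service, so neither alone is an alert; only the process that does both is surfaced. In production the same logic would run over auditd or eBPF file-open and connect events keyed on pid plus process start time, and the path lists would be tuned to the credential stores actually present on the fleet.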