Malware, Apr 9, 2026

Here's the clever part defenders need to understand. netstat and ss query the kernel through com...

VoidLink rootkit uses eBPF to evade detection by neutralizing netstat and ss forensic tools.

Summary

VoidLink is a sophisticated rootkit that uses eBPF (extended Berkeley Packet Filter) to intercept and suppress Netlink messages, hiding its network activity from both netstat and ss. The two tools reach the kernel through different interfaces: netstat reads the socket tables under /proc/net, while ss queries the kernel's NETLINK_SOCK_DIAG subsystem. Because the usual defensive habit is to trust one tool to catch what the other misses, an evasion that covers both interfaces defeats that cross-check and marks an advance in rootkit design.
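The practical takeaway for a defender is that "netstat and ss agree" is only a meaningful check if both views are read directly, not through tools that may themselves be hooked. The following is an added example, not code from the VoidLink analysis or from any tool it mentions: it parses the /proc/net/tcp text that netstat consumes, issues a raw NETLINK_SOCK_DIAG dump request of the kind ss sends, parses the kernel's inet_diag replies, and reports any listener present in one view but not the other. The /proc/net/tcp sample and the Netlink reply bytes below are constructed (the hidden 0.0.0.0:4444 listener is illustrative, not an indicator from the write-up); the procfs parser assumes a little-endian host; the live query at the bottom only works on Linux.

```python
import socket
import struct

NETLINK_SOCK_DIAG, SOCK_DIAG_BY_FAMILY = 4, 20
NLM_F_REQUEST, NLM_F_DUMP, NLM_F_MULTI = 0x01, 0x300, 0x02
NLMSG_ERROR, NLMSG_DONE = 2, 3
TCP_LISTEN = 10
NLMSGHDR = struct.Struct("=IHHII")   # struct nlmsghdr, 16 bytes
INET_DIAG_MSG_LEN = 72               # struct inet_diag_msg

# Constructed sample in /proc/net/tcp format (not captured from a real host):
# IPv4 listeners on 127.0.0.1:631 (inode 12345), 0.0.0.0:22 (99) and 0.0.0.0:4444 (777).
SAMPLE_PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0100007F:0277 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 12345 1 0000000000000000 100 0 0 10 0
   1: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 99 1 0000000000000000 100 0 0 10 0
   2: 00000000:115C 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 777 1 0000000000000000 100 0 0 10 0
"""

def parse_proc_net_tcp(text):
    """procfs view (what netstat reads) -> {(ip, port, state, inode)}. Assumes a
    little-endian host: the kernel prints the raw __be32 address with %08X, so
    127.0.0.1 shows up as 0100007F; the port is host-order hex."""
    rows = set()
    for line in text.splitlines()[1:]:          # first line is the column header
        f = line.split()
        if len(f) < 10:
            continue
        hex_ip, hex_port = f[1].split(":")
        ip = socket.inet_ntoa(struct.pack("<I", int(hex_ip, 16)))
        rows.add((ip, int(hex_port, 16), int(f[3], 16), int(f[9])))
    return rows

def build_sock_diag_request(states=1 << TCP_LISTEN):
    """nlmsghdr + struct inet_diag_req_v2 asking for a dump of IPv4 TCP sockets in `states`."""
    body = struct.pack("=BBBBI", socket.AF_INET, socket.IPPROTO_TCP, 0, 0, states) + bytes(48)
    return NLMSGHDR.pack(NLMSGHDR.size + len(body), SOCK_DIAG_BY_FAMILY,
                         NLM_F_REQUEST | NLM_F_DUMP, 1, 0) + body

def _nlmsgs(buf):
    """Yield (type, payload) per Netlink message, stepping by NLMSG_ALIGN(nlmsg_len)."""
    off = 0
    while off + NLMSGHDR.size <= len(buf):
        nl_len, nl_type = NLMSGHDR.unpack_from(buf, off)[:2]
        if nl_len < NLMSGHDR.size:
            raise ValueError("malformed nlmsghdr")
        yield nl_type, buf[off + NLMSGHDR.size:off + nl_len]
        off += (nl_len + 3) & ~3

def parse_inet_diag_dump(buf):
    """Netlink sock_diag view (what ss queries) -> {(ip, port, state, inode)}."""
    rows = set()
    for nl_type, m in _nlmsgs(buf):
        if nl_type == NLMSG_DONE:
            break
        if nl_type == NLMSG_ERROR:
            raise OSError("kernel returned NLMSG_ERROR")
        if nl_type != SOCK_DIAG_BY_FAMILY or len(m) < INET_DIAG_MSG_LEN:
            continue
        # struct inet_diag_msg: idiag_state at 1, id.idiag_sport (__be16) at 4, id.idiag_src[0] at 8, idiag_inode at 68
        rows.add((socket.inet_ntoa(m[8:12]), struct.unpack("!H", m[4:6])[0], m[1],
                  struct.unpack("=I", m[68:72])[0]))
    return rows

def make_inet_diag_msg(ip, port, state, inode):
    """Constructed reply in the kernel's SOCK_DIAG_BY_FAMILY layout, for offline testing."""
    sockid = struct.pack("!HH", port, 0) + socket.inet_aton(ip) + bytes(12) + bytes(28)  # 48-byte inet_diag_sockid
    msg = struct.pack("=BBBB", socket.AF_INET, state, 0, 0) + sockid \
        + struct.pack("=IIIII", 0, 0, 0, 0, inode)   # expires, rqueue, wqueue, uid, inode
    return NLMSGHDR.pack(NLMSGHDR.size + len(msg), SOCK_DIAG_BY_FAMILY, NLM_F_MULTI, 1, 0) + msg

def diff_views(proc_rows, netlink_rows):
    """Compare on (ip, port, inode); a socket present in only one view is worth investigating."""
    key = lambda r: (r[0], r[1], r[3])
    p, n = {key(r) for r in proc_rows}, {key(r) for r in netlink_rows}
    return {"only_in_procfs": p - n, "only_in_netlink": n - p}

def live_netlink_sockets(states=1 << TCP_LISTEN):
    """Query the running kernel over NETLINK_SOCK_DIAG (Linux only; no root needed for TCP)."""
    s = socket.socket(socket.AF_NETLINK, socket.SOCK_RAW, NETLINK_SOCK_DIAG)
    try:
        s.send(build_sock_diag_request(states))
        buf = b""
        while not any(t in (NLMSG_DONE, NLMSG_ERROR) for t, _ in _nlmsgs(buf)):
            buf += s.recv(1 << 16)   # each recv returns whole messages; a dump ends with NLMSG_DONE
    finally:
        s.close()
    return parse_inet_diag_dump(buf)

if __name__ == "__main__":
    # Offline: a Netlink dump that omits 0.0.0.0:4444 while procfs still lists it.
    dump = make_inet_diag_msg("127.0.0.1", 631, TCP_LISTEN, 12345) + make_inet_diag_msg("0.0.0.0", 22, TCP_LISTEN, 99)
    print(diff_views(parse_proc_net_tcp(SAMPLE_PROC_NET_TCP), parse_inet_diag_dump(dump)))
    # Live (Linux): real procfs listeners against the real sock_diag dump.
    with open("/proc/net/tcp") as fh:
        listeners = {r for r in parse_proc_net_tcp(fh.read()) if r[2] == TCP_LISTEN}
    print(diff_views(listeners, live_netlink_sockets()))
```

The caveat is the one the page itself raises: both views come from the kernel, so a rootkit that filters procfs and Netlink consistently produces two agreeing but equally false answers, and this script stays silent. Treat a discrepancy as a strong signal and agreement as weak evidence; confirm from outside the host (a port scan from another machine) and look for unexpected loaded eBPF programs and attachments on the box with `bpftool prog show` and `bpftool link show`.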

Indicators of Compromise

  • malware — VoidLink

Entities

  • eBPF (technology)
  • Netlink (technology)