VoidLink is a cloud-native Linux malware framework that employs a hybrid Loadable Kernel Module (LKM) and eBPF architecture to achieve deep system concealment. It features advanced evasion techniques such as delayed initialization, an ICMP covert command channel, and eBPF-driven manipulation of Netlink sockets to hide network connections from diagnostic tools. Analysis indicates the framework was developed iteratively using AI-assisted workflows, highlighting a growing trend of LLM-facilitated malware creation.