Hiding Malware in Docker Desktop's virtual machine

Presented at Kawaiicon 2 (2022) Rescheduled, July 1, 2022, 5 p.m. (30 minutes).

I've gone and done it this time. I was looking for a way to "not get caught for a year", and I found a brand new way of hiding malware on macOS. You know Docker Desktop? The software developers have on their macOS laptops? Did you know that, on macOS, it runs a Linux Virtual Machine (VM) on your computer when you run it? I didn't know that, until I hid malware in the VM. Any monitoring software can't see you, because you're hidden in the VM. But you can still do all your Crime Activities, because it's a very, very special VM.

You don't need to know what Docker is or anything to understand this talk! I will take your hand and guide you metaphorically through the circus carnival, returning you safely on the other side, having changed.


Presenters:

  • "Alex" / mangopdf as @mangopdf
    "Alex" works on the Red Team at Atlassian, committing cybercrimes and then writing very, very detailed confession letters. They've recently started an experimental security research group, Icarus Labs, which is responsible for the Content we're going to see today. They're known for one time using darknet hacking tool "Inspect Element" to find the passport number of former Australian Prime Minister, Tony Abbott, inadvertently entering into the Do Not Get Arrested Challenge. You can read about that story at https://mango.pdf.zone. In 1633 "Alex" was excommunicated by the Catholic Church for insisting the Earth revolves around the sun.

Links:

Similar Presentations: