
doynton

macrumors 6502
Oct 19, 2014
299
17
> what about can installing malware on virtual machine cause malware to be written to the actual comp?

Potentially yes. Ransomware on guest could affect shared folders for example. You could download some OSX malware in your VM and then run it on your OSX host. There are also other ways apart from networking that malware can spread but again it is rather hypothetical.

http://superuser.com/questions/2890...solated-from-a-virus-infected-virtual-machine

I've never had malware that I'm aware of on either OSX or Windows (and I'm not particularly careful) and never even heard of malware crossing from Windows bootcamp or VM to OSX host. Of course it could happen so you'd be advised to make backups to a non-connected drive on a regular basis.
 

thomasareed

macrumors member
Aug 24, 2015
91
91
> Yes.
>
> Malware running in a VM can exploit bugs in the hypervisor (which runs as a privileged process on the host) to infect the host or other VMs.
>
> See https://www.cnet.com/news/crisis-malware-targets-vmware-virtual-machines/#! for just one example.

Crisis was not actually able to infect the host machine from within the VM. It was the other way around. It could infect a VM, after it had already infected the host machine.

In order for malware to jump from the VM to the host, one of two things would have to happen.

One is that the user would have to have set up a very insecure working environment... for example, allowing the system on the VM free write access to the entire user folder on the host Mac. Doing that could conceivably result in an infection, if there were malware capable of running on the virtualized system, detecting this situation and dropping a Mac payload into the right places in the user folder. To my knowledge, such malware does not exist.

The other is that there would have to be a serious bug in the VM to allow the virtualized system free access to the host system, plus the same requirement for theoretical malware capable of running in the VM and dropping a Mac payload through that bug. To my knowledge, neither of these situations exists.

Could one of those things happen? Sure. Theoretically.

Has it happened? No. As someone who has actually used VMs to run just about every piece of Mac malware from the last few years, I can say that with as much certainty as anyone can.
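
The shared-folder scenario described in the post above can be checked for on the host. This is an added example, not part of the original post or any poster's code: it audits shared-folder entries in a VMware-style `.vmx` configuration and flags any share that gives the guest write access to the whole user folder. The `sharedFolderN.*` key layout is assumed to match your VMware version, and the sample config, paths and function names are constructed for illustration.

```python
import re
from pathlib import PurePosixPath

# Constructed sample of VMware-style .vmx shared-folder entries (not from the thread).
SAMPLE_VMX = '''
sharedFolder0.present = "TRUE"
sharedFolder0.enabled = "TRUE"
sharedFolder0.writeAccess = "TRUE"
sharedFolder0.hostPath = "/Users/alice"
sharedFolder0.guestName = "home"
sharedFolder1.present = "TRUE"
sharedFolder1.enabled = "TRUE"
sharedFolder1.writeAccess = "FALSE"
sharedFolder1.hostPath = "/Users/alice/samples"
sharedFolder1.guestName = "samples"
sharedFolder2.present = "TRUE"
sharedFolder2.enabled = "TRUE"
sharedFolder2.writeAccess = "TRUE"
sharedFolder2.hostPath = "/Users/alice/vm-dropbox"
sharedFolder2.guestName = "dropbox"
'''

# Assumed key format: sharedFolder<N>.<field> = "<value>"
LINE = re.compile(r'^\s*sharedFolder(\d+)\.(\w+)\s*=\s*"(.*)"\s*$')

def parse_shares(vmx_text):
    """Group sharedFolderN.* keys by share index N."""
    shares = {}
    for line in vmx_text.splitlines():
        m = LINE.match(line)
        if m:
            shares.setdefault(int(m.group(1)), {})[m.group(2)] = m.group(3)
    return shares

def audit_shares(vmx_text, home):
    """Return {guestName: verdict} for every shared folder in the config."""
    home = PurePosixPath(home)
    verdicts = {}
    for idx, s in sorted(parse_shares(vmx_text).items()):
        is_true = lambda key: s.get(key, "").upper() == "TRUE"
        path = PurePosixPath(s.get("hostPath", ""))
        if not (is_true("present") and is_true("enabled") and is_true("writeAccess")):
            verdict = "ok"      # guest cannot write to the host through this share
        elif path == home or path in home.parents:
            verdict = "high"    # guest can write anywhere in the user folder
        else:
            verdict = "review"  # writable, but confined to one folder
        verdicts[s.get("guestName", f"share{idx}")] = verdict
    return verdicts
```

A "high" verdict is the insecure setup the post describes; narrowing the share to a single dedicated folder or making it read-only removes that write path.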
 

mbpowner

macrumors regular
Original poster
Aug 19, 2016
174
14
> Crisis was not actually able to infect the host machine from within the VM. It was the other way around. It could infect a VM, after it had already infected the host machine.
>
> In order for malware to jump from the VM to the host, one of two things would have to happen.
>
> One is that the user would have to have set up a very insecure working environment... for example, allowing the system on the VM free write access to the entire user folder on the host Mac. Doing that could conceivably result in an infection, if there were malware capable of running on the virtualized system, detecting this situation and dropping a Mac payload into the right places in the user folder. To my knowledge, such malware does not exist.
>
> The other is that there would have to be a serious bug in the VM to allow the virtualized system free access to the host system, plus the same requirement for theoretical malware capable of running in the VM and dropping a Mac payload through that bug. To my knowledge, neither of these situations exists.
>
> Could one of those things happen? Sure. Theoretically.
>
> Has it happened? No. As someone who has actually used VMs to run just about every piece of Mac malware from the last few years, I can say that with as much certainty as anyone can.

Have you ever got malware on the VM though (without it reaching the mac)? Or, have you just never received malware at all?

If you never received malware at all, you can't talk from experience
 

997440

Cancelled
Oct 11, 2015
938
664
> Have you ever got malware on the VM though (without it reaching the mac)? Or, have you just never received malware at all?
>
> If you never received malware at all, you can't talk from experience

In the chance that @thomasareed doesn't get back right away -- He's been a Mac malware researcher for many years. So, yes, he has deliberately acquired all manner of malware for research purposes. His work has helped many users both to keep their machines clean and to clean compromised ones.

About Thomas from his website -- http://www.thesafemac.com/about/
 

thomasareed

macrumors member
Aug 24, 2015
91
91
> Have you ever got malware on the VM though (without it reaching the mac)? Or, have you just never received malware at all?
>
> If you never received malware at all, you can't talk from experience

I'm Director of Mac Offerings at Malwarebytes. Before I worked at Malwarebytes, I studied Mac malware on my own. As I mentioned in my previous post, I have used VMs to run nearly every single piece of Mac malware that has been distributed within the last few years. (Only one still evades me, an unnamed piece of malware that infected Macs through a vulnerability in MacKeeper.)

I have not just read about Mac malware, I have run it, experimented with it, written about it, and written code to detect and remove it. So I can speak from experience.

There is currently no Mac malware with the capability to self-replicate, much less with the ability to self-replicate and escape from the confines of a VM. As I said, it could in theory happen at some point... only a fool would suggest that it's impossible. But it hasn't ever happened yet.
 