Could Machine Folder leak identity?

Was reading through VirtualBox Administrator’s guide: "3.1.1. The Machine Folder

By default, each virtual machine has a directory on your host computer where all the files of that machine are stored: the XML settings file, with a .vbox file extension, and its disk images. This is called the machine folder.

By default, this machine folder is located in a common folder called VirtualBox VMs, which Oracle VM VirtualBox creates in the current system user’s home directory. The location of this home directory depends on the conventions of the host operating system, as follows:

  • On Windows, this is the location returned by the SHGetFolderPath function of the Windows system library Shell32.dll, asking for the user profile. A typical location is C:\Users\username."

My question is this: Could some malware potentially get your username and leak your identity if your username is your real name?

You can see machine folder also in Whonix workstation and gateway in bottom right screen, moving your curson on the “Controller” icon.



Yes, if malware is running on the host operating system for sure, yes.

From the information that one (human or malware) can gather from inside VMs, the host user account name was unavailable inside the VM, which is very good. Here’s Whonix’s research on that topic:

I am not aware any methods explaining how the host operating system user name could leak into VMs which would be bad.

Well, Virtual machine escape - Wikipedia but then you have bigger issues.