Docker Desktop for Mac is blocked by fake malware alerts

Docker has warned that Docker Desktop cannot run on macOS because some of its files are signed with the wrong code signing certificate.

The first reports of the alert appeared on January 7, 2025, when macOS users unexpectedly received a “Malware Blocked” message that prevented them from running the Docker container management application.

“Malware Blocked. ‘com.docker.vmnetd’ cannot be accessed because it contains malware. This action does not harm your Mac,” reads the macOS warning notification.

Figure 1. “Malware Blocked” warning notification

The vendor clarified that the warning was incorrect and should be ignored by the users. However, to resolve the operational issue, which is still ongoing as of the writing of this article, manual intervention is required.

“We would like to inform you about a new issue affecting Docker Desktop for some macOS users. This causes Docker Desktop to be unable to run,” said Docker in an issue published on GitHub.

Some users may also receive malware warnings. The warning is inaccurate.

The main cause of this inaccurate malware message is the incorrect code signing certificate used on several files in the existing installation, which can lead to a failure in file integrity checks.

Figure 2. Docker service status page

How to fix it:

Because Docker is still investigating this incident, here are ways to handle the malware alert:

Upgrade Docker Desktop to version 4.37.2, which has permanent fixes. You can use the updater tool in the application or download the update manually.

For older versions 4.32 to 4.36, apply the patch by selecting the correct release from here. This issue does not affect Docker version 4.28 or earlier versions.

If the malware warning still appears after updating or patching, follow the resolution steps provided in this guide.

As long as Docker Desktop has been upgraded to version 4.37.2 or the patch has been applied to the previous version, IT administrators can use this script to resolve the issue for all developers and users.

Administrators can also resolve the issue manually. To do this, stop the Docker, vmnetd, and socket services, remove the socket and vmnetd binaries, and install new binaries that are expected to have the correct signatures. Finally, restart the Docker Desktop application.
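After the manual replacement described above, an administrator can confirm that each new binary passes signature verification and is signed by the expected team. This is an added example, not Docker's script; the Team ID `EXAMPLETEAM`, the sample `codesign` output and the function names are constructed placeholders, and the real Team ID should be taken from a known-good installation.

```shell
#!/bin/sh
# Added example (not Docker's script): confirm reinstalled helper binaries carry
# the expected signer. EXAMPLETEAM is a placeholder Team ID, not Docker's.

# Constructed sample of `codesign -dvv` output, so the parser runs off a Mac.
sample_codesign_output() {
cat <<'EOF'
Executable=/path/to/helper
Identifier=com.docker.vmnetd
Authority=Developer ID Application: Example Vendor (EXAMPLETEAM)
Authority=Developer ID Certification Authority
Authority=Apple Root CA
TeamIdentifier=EXAMPLETEAM
EOF
}

# Read `codesign -dvv` text on stdin and print the TeamIdentifier value,
# or "unsigned" when the field is absent.
team_from_codesign() {
    awk -F= '$1 == "TeamIdentifier" { print $2; found = 1; exit }
             END { if (!found) print "unsigned" }'
}

# check_team LABEL EXPECTED_TEAM: compare the team on stdin with the expected one.
check_team() {
    actual=$(team_from_codesign)
    if [ "$actual" = "$2" ]; then
        echo "OK $1 team=$actual"
    else
        echo "MISMATCH $1 team=$actual expected=$2"
        return 1
    fi
}

# verify_file PATH EXPECTED_TEAM (macOS only): the seal must verify first,
# then the signer must match. codesign writes -dvv details to stderr.
verify_file() {
    codesign --verify --strict "$1" 2>/dev/null ||
        { echo "INVALID $1 signature does not verify"; return 1; }
    codesign -dvv "$1" 2>&1 | check_team "$1" "$2"
}

# Usage on macOS: sh check.sh TEAM_ID /path/to/helper ...
if [ "$#" -ge 2 ]; then
    team=$1; shift
    for f in "$@"; do verify_file "$f" "$team"; done
else
    sample_codesign_output | check_team constructed-sample EXAMPLETEAM
fi
```

Run with no arguments, the script only parses the constructed sample; on a Mac, pass the expected Team ID followed by the paths of the reinstalled binaries.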

Docker has published a document here for complete information about the available solutions and how to use them.

As of the time this article was written, the Docker status page still indicates that this issue is causing partial service disruption on client machines, and the success rate of the currently released patch is being evaluated.

Source:
https://github.com/docker/for-mac/issues/7527
https://www.bleepingcomputer.com/news/security/docker-desktop-blocked-on-macs-due-to-false-malware-alert/
https://forums.docker.com/t/malware-blocked-com-docker-vmnetd-was-not-opened-because-it-contains-malware/145930c
https://www.dockerstatus.com/