It Would be easy for just a malicious entity to modify a Kali installation to include exploits or malware and host it unofficially. In fact This can be finished, we conserve, initiate the VM, after which go on installing Kali Linux as we Typically would for the bare metallic put https://www.youtube.com/watch?v=7yoEpl90KUg