Abstract

In this talk, we will show that despite all doubts, it is practical to implement malware inside SGX. Moreover, this malware uses the protection features of SGX to hide itself from all state-of-the-art detection mechanisms. We show that an unprivileged user can execute malware inside an SGX enclave that uses a cache attack to extract a secret RSA key from a co-located enclave. Our malware does not use any kernel component, privileges, or operating system modifications to proxy commands from the enclave. Instead, we built novel techniques to mount the attack without operating system support. To a code reviewer, our enclave code looks like a benign series of simple memory accesses and loops. We demonstrate that this attack is practical by mounting a cross-enclave attack to recover a full 4096-bit RSA key used in a secure signature process. This scenario can be found in real-world situations for Bitcoin wallets that are implemented inside SGX to protect the private key. With an SGX enclave, existing detection techniques (Herath and Fogh, BlackHat USA 2015) no longer apply. The main takeaway is that SGX helps attackers hide their malware, without even requiring any privileges (i.e., no root privileges).

Additionally, so-called double fetch bugs are problems in APIs which can often be exploited to hijack the program flow inside a higher-privileged domain, such as the one provided by an enclave. We show that cache attacks can be used to dynamically detect such vulnerabilities in secure enclaves without access to their code or even the binary. Furthermore, the cache can be used as a primitive to reliably exploit such vulnerabilities, making it possible to leak secrets such as private keys from enclaves. In our live demonstration, we show that SGX is not a miracle cure for badly written software and that high-quality software is still required to protect secret information.