What would a "malicious application of hypervisor" look like? How would that be different from a "malicious application of hardware"?
Generally speaking, we're talking "grey boxes" here, I imagine. And, I guess, I'd expect either unwanted internet traffic or unwanted radio traffic. Detection of either is probably better done with specialized hardware than with introspective software? But maybe you had some other form of maliciousness in mind? Thanks, -- Raul