I've seen something like this in ChromeOS too, since both devices will use similar methodologies and technologies in their respective VMs. The attackers would glitch the VGA framebuffer, and the only way you can tell was your screen would show random garbage briefly. As the attack escalated, the glitches got worse until either the computer crashed or they accomplished their exfiltration. I think ChromeOS patched it a while ago, so I don't see it anymore. Attack vector was something like Chrome Browser -> (?) -> Framebuffer -> [Cross VMs to host].