First, most malware is not that sophisticated. While some does vm detection, most (as is the case here) does not. Second, VM detection is an arms race. See for example the vmcloak project. Third, with the rise of BYOD and VDI, vm detection is less common in sophisticated malware as the target is frequently virtualized. Fourth, vm detection is harder for arm than x86. Fifth, vm detection detection via static analysis is very effective.