This is already reality. So called "red pills" allow malware to find out if its are running in an emulator or virtual machine.
Here's a paper that describes automatically generating such red pills:
"A fistful of red-pills: how to automatically generate procedures to detect cpu emulators" by R. Paleari, L. Martignoni, G. F. Roglia, and D. Bruschi
The authors found more than 23k red-pills to detect QEMU and/or BOCHS.