Devcontainers (I know it's not a full VM, but it's the most prominent version of this "isolated development environment" concept) wouldn't fully protect you against this. GitHub credentials are automatically pulled into the container. If you are using other cloud services that need to be accessed within the container, this cred stealer will grab their creds too.

It would limit the blast radius, which at least is an improvement.

This is one reason I have my own dev container script. And the container pulls nothing in except whatever I explicitly put in my .podman folder. It runs without any GitHub access at all. I do all of that from the host machine.