I have remembered that I have installed electrum firts in Windows, I generated the seed in Windows, and when installed electrum in Linux, I have restored the wallet using the seed generated en Windows.
With the additional information you have provided, we can say that this is now the most likely route of your seed phrase being compromised. As bob123 has said, running a VM does not necessarily protect the contents of the VM from malware or attacks on your host system. As soon as you have to type your seed in to any device with an internet connection, you should consider it compromised and move your funds to a new wallet.