Which type of malware actively alters service call interruptions to hide from anti-virus programs?

Stealth/Tunneling malware focuses on hiding itself by tampering with how the operating system answers security tools. It intercepts or tunnels service calls and API requests that antivirus software relies on, returning false or misleading information so the scanner doesn’t see the malware. This direct manipulation of the OS call responses lets the malicious code remain undetected while it runs. Polymorphic viruses mutate their code to evade signature detection but don’t specifically hide by intercepting system calls. Trojan horses rely on deceptive appearances rather than call interception, and rootkits hide artifacts by deeper OS/kernel manipulation, whereas the particular mechanism described—altering service call interruptions to evade AV—is the hallmark of stealth/tunneling.