Malware is not going to just always sit there and sing 🎶. Below are common techniques. More detailed explanation is in the anti-forensics section.
https://29a.ch/photo-forensics/#forensic-magnifier Images can be forged or cloned. Regions can be manipulated with. Hard to detect with naked eye.
Windows https://tyeyeah.github.io/2021/08/02/2021-08-02-Bypass-Anti-Virus/ macOS Linux
Alternative data stream Alternate data streams. Specific for Windows. See more here. Are there such streams for other OS?
macOS From Apple’s official documentation: In some cases, the contents of a volume are sufficiently secret that it is not appropriate to log them.
A software that could be used for anti-forensics. By default, configs are at /etc and named usbkill.