I'm a malware researcher and reverse engineer for a living. This is absolutely true, but oversimplified. Focus on:

> They don't want to get caught and avoid computers that have security analysis or anti-malware tools on them.

Malware doesn't want to run in a sandbox environment (or in general when observed), because doing malicious things in the AV sandbox is a straight way to get blocked, and leaks C2 servers and other IoCs immediately. That's why most malware families[1] at least try to check if the machine they're running on is a sandbox/researcher PC/virtual machine.
I assume this is what this tool does. We joke at work that the easiest thing to do to make your Windows immune to malware is to create a fake service and call it VBoxSVC.
[1] except, usually, ransomware, because ransomware is very straightforward and doesn't care about stealth anyway.