Traditional injection requires creating a remote thread, which is a highly visible operation. Newer techniques avoid thread creation entirely:
Malicious DLLs are stored in dynamic memory locations rather than on disk, making it harder for signature-based detection systems to find them. undetected dll injector