Symantec is warning companies not to become complacent on security when using virtual machines, despite only one in five malware samples being able to detect them.
Viruses that discover they are running on virtual machines will often stop executing code, which has led some to believe they are immune from attack when using them.
Candid Wueest, threat researcher at Symantec, said: "Malware authors have realized that it is suspicious when an application detects that it is running on a VM, so they have stopped using those features in recent years.
"Malware authors want to compromise as many systems as possible, so if malware does not run on a VM, it limits the number of computers it could compromise."
Viruses sometimes do not execute immediately in order to bypass security, either waiting for a computer to restart itself, or acting after a set number of mouse clicks.
"Along with applying traditional security practices, administrators need to pay particular attention to virtual connections between guest virtual machines themselves," Wueest said.
"These connections might be invisible to traditional network security devices as they are not aware of them."
Malware samples investigated by the company showed those with the ability to detect virtual machines spiked at 28% during the start of the year, but the rate has remained fairly consistent since 2012, at around 20%.