Is it possible for a passive tap to be detected or avoided by malware or a sophisticated actor?

I have been using a passive tap for my home network for years now, until recently, when I had to be more careful in order to try to find, or better said investigate, a possible infection.

Now, I did not find any anomaly in the traffic of the said machines after hours of monitoring (I did not try a VPN on those machines, to prevent the malware from being able to avoid detection), but I am facing a serious dilemma.

I was wondering,

Is it technically possible for malware, or a sophisticated attacker, to detect the presence of a listening/monitoring passive network tap?

Is it possible for malware, a backdoor, or a privacy-infringing or spying product like the Intel Management Engine (the OS on the many Intel CPUs) to wait for a VPN connection, Tor, or the presence of a secure proxy or tunnel to establish their connection, hence making passive taps practically fruitless?

I am grateful for this community and trying to help keep the world a little bit safer. Thank you everyone.