Technologies for hardware assisted native malware detection include a computing device. The computing device includes one or more processors with hook logic to monitor for execution of branch instructions of an application, compare the monitored branch instructions to filter criteria, and determine whether a monitored branch instruction satisfies the filter criteria. Additionally, the computing device includes a malware detector to provide the filter criteria to the hook logic, provide an address of a callback function to the hook logic to be executed in response to a determination that a monitored branch instruction satisfies the filter criteria, and analyze, in response to execution of the callback function, the monitored branch instruction to determine whether the monitored branch instruction is indicative of malware. Other embodiments are also described and claimed.