diff --git a/modules/security/malware-scanner.sh b/modules/security/malware-scanner.sh
index 65d6a49..e60d69f 100755
--- a/modules/security/malware-scanner.sh
+++ b/modules/security/malware-scanner.sh
@@ -571,9 +571,37 @@ if command -v maldet &>/dev/null; then
 log_message "Detected: Maldet"
 fi
 
+# Track if rkhunter was auto-installed (for cleanup)
+RKHUNTER_TEMP_INSTALLED=false
+
 if command -v rkhunter &>/dev/null; then
 AVAILABLE_SCANNERS+=("rkhunter")
 log_message "Detected: Rootkit Hunter"
+else
+ # Auto-install rkhunter temporarily for this scan
+ log_message "RKHunter not found - installing temporarily..."
+ echo "→ Installing Rootkit Hunter (temporary, will be removed after scan)..."
+
+ if command -v yum &>/dev/null; then
+ # Ensure EPEL is available
+ if ! rpm -qa | grep -q epel-release; then
+ yum install -y epel-release &>/dev/null
+ fi
+
+ # Install rkhunter
+ yum install -y rkhunter &>/dev/null
+
+ if command -v rkhunter &>/dev/null; then
+ # Update definitions and initialize baseline
+ rkhunter --update &>/dev/null
+ rkhunter --propupd &>/dev/null
+
+ AVAILABLE_SCANNERS+=("rkhunter")
+ RKHUNTER_TEMP_INSTALLED=true
+ log_message "RKHunter installed temporarily"
+ echo " ✓ RKHunter installed (will be removed after scan)"
+ fi
+ fi
 fi
 
 if [ ${#AVAILABLE_SCANNERS[@]} -eq 0 ]; then
@@ -772,6 +800,19 @@ else
 echo ""
 fi
 
+# Cleanup: Remove rkhunter if it was temporarily installed
+if [ "$RKHUNTER_TEMP_INSTALLED" = "true" ]; then
+ log_message "Removing temporarily installed RKHunter..."
+ echo ""
+ echo "→ Cleaning up: Removing Rootkit Hunter..."
+
+ if command -v yum &>/dev/null; then
+ yum remove -y rkhunter &>/dev/null
+ echo " ✓ RKHunter removed"
+ log_message "RKHunter successfully removed"
+ fi
+fi
+
 log_message "Scan session ended"
 STANDALONE_EOF
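Review bot: The `rkhunter --propupd` call in the new `else` branch records the host's current files as the trusted baseline immediately before the scan, so on a machine that is already compromised the file-properties check compares modified binaries against themselves and passes them. A temporary install has no earlier baseline to compare against, so I would drop that line and have the temporary path skip the test, for example by adding `--disable properties` where rkhunter is invoked (that call is outside this hunk), and say so in the report. The status of both `yum install` calls and of `rkhunter --update` is thrown away behind `&>/dev/null`: when the install fails, or on a host without yum, the "Installing Rootkit Hunter" line is followed by nothing, so an `else` with `log_message "RKHunter install failed - skipping rootkit scan"` is worth adding. The cleanup hunk at new line 800 has the same pattern, printing "RKHunter removed" without checking `yum remove`, and it leaves the `epel-release` repository that was installed here in place.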