It wouldn't be undeletable, it would just involve booting into a recovery volume (either the automatic Apple recovery partition or a user supplied volume).
Since all System locations will now be signed (as part of the move to SIP), it means that the basic Apple recovery partition will be able to purge any such malware by a simple signature verification.
Does it actually do that? I haven't heard of it... But just reinstalling the OS accomplishes the same, slightly less quickly. Of course, if the malware is nasty enough, it might modify user settings to make a program run automatically, e.g., by adding it as a startup item, which, unless that OS reinstall included a patch, could then exploit the bug again and reinstall itself to the system locations. Not much Apple can do about that.
Since all System locations will now be signed (as part of the move to SIP), it means that the basic Apple recovery partition will be able to purge any such malware by a simple signature verification.