cs.LG

Making malware look like legitimate software to fool detectors

Juozas Dautartas, Olga Kurasova, Juozapas Rokas Čypas, Viktor Medvedev

May 18, 2026

This paper demonstrates a targeted adversarial attack against ML-based malware detectors that classify Windows executables. Rather than simply evading detection, the attack causes malware to be misclassified as a specific benign software category by injecting API imports characteristic of that category. A Conditional Variational Autoencoder with an additive-only decoder preserves malware functionality (imports are only ever added, never removed) while introducing benign-looking API calls; a knowledge-distilled proxy model enables gradient-based attacks against non-differentiable ensemble detectors. On a 3,799-file dataset, adding 20 API imports drops detection recall from 87.5% to 30%, with 99% of the evaded samples classified as the intended benign target category. The attack transfers to commercial VirusTotal engines. This reveals concrete vulnerabilities in malware classifiers that rely on API import features.
Published as Learning to Look Benign: Targeted Evasion of Malware Detectors via API Import Injection arXiv:2605.18624