Researchers Unveil LAMLAD: LLM-Powered Adversarial Attacks Threaten Android Malware Detection

Global: Researchers Unveil LAMLAD: LLM-Powered Adversarial Attacks Threaten Android Malware Detection

In a newly posted preprint, a team of computer scientists introduced LAMLAD, a large‑language‑model (LLM) based adversarial attack framework designed to evade machine‑learning Android malware classifiers. The work, submitted to arXiv in December 2025, demonstrates how LLMs can generate realistic, functionality‑preserving feature perturbations that bypass detection systems while maintaining malicious behavior. The researchers aim to highlight vulnerabilities in current detection pipelines and to stimulate development of more robust defenses.

Attack Framework Overview

LAMLAD operates on Drebin‑style feature representations, a common format for Android malware analysis. By leveraging the generative capabilities of LLMs, the framework crafts subtle modifications to feature vectors that remain plausible to the classifier yet undermine its decision boundaries.

Dual‑Agent Architecture

The system comprises two cooperating agents: an LLM manipulator that proposes candidate perturbations, and an LLM analyzer that evaluates their impact on the target model. To enhance contextual relevance, the authors integrate retrieval‑augmented generation (RAG), allowing the agents to draw on external knowledge bases during the attack process.

Performance Evaluation

Experimental results reported in the abstract indicate that LAMLAD achieved an attack success rate (ASR) of up to 97% against three representative ML‑based Android malware detectors. On average, only three generation attempts were required per adversarial sample, suggesting high efficiency and practicality.

Comparison with Existing Methods

The authors compared LAMLAD with two state‑of‑the‑art adversarial techniques and found that LAMLAD consistently outperformed them in both success rate and query efficiency. The paper attributes these gains to the reasoning abilities of the LLM agents and the use of retrieval‑augmented prompts.

Proposed Defense Strategy

To mitigate the identified threat, the researchers suggest an adversarial training regimen that incorporates LAMLAD‑generated samples into the training set. According to the abstract, this approach reduced the ASR by more than 30% on average, indicating a measurable improvement in model robustness.

Implications for Future Security

The study underscores the emerging risk that generative AI poses to cybersecurity tools reliant on static feature analysis. By demonstrating a scalable, high‑success attack, the authors call for renewed emphasis on adaptive defenses, continuous model evaluation, and the integration of AI‑aware security practices.

This report is based on information from arXiv, licensed under Academic Preprint / Open Access. Based on the abstract of the research paper. Full text available via ArXiv.