Abstract: Machine learning-based Android malware detectors are vulnerable to black-box adversarial attacks, yet existing methods typically suffer from low query efficiency and limited transferability.