To address the persistent performance degradation of Android malware detectors caused by concept drift, this paper introduces test-time adaptation (TTA) to the domain for the first time, proposing a lightweight, unsupervised online adaptation method. Built upon an encoder-decoder architecture, the method performs self-supervised fine-tuning using only a small number of unlabeled test samples, dynamically optimizing feature representations during inference to simultaneously enhance discrimination against both historical and emerging malware. Its core innovation lies in mitigating concept drift without human annotation, with low computational overhead and real-time responsiveness. Experimental results on continual detection tasks demonstrate an average accuracy improvement of 7.2% over state-of-the-art baselines. Moreover, the method is orthogonal to existing drift-resilient techniques and can be seamlessly integrated with them.

We present MADCAT, a self-supervised approach designed to address the concept drift problem in malware detection. MADCAT employs an encoder-decoder architecture and works by test-time training of the encoder on a small, balanced subset of the test-time data using a self-supervised objective. During test-time training, the model learns features that are useful for detecting both previously seen (old) data and newly arriving samples. We demonstrate the effectiveness of MADCAT in continuous Android malware detection settings. MADCAT consistently outperforms baseline methods in detection performance at test time. We also show the synergy between MADCAT and prior approaches in addressing concept drift in malware detection