MalFusion: Simple String Manipulations Confuse Malware Detection | IEEE Conference Publication | IEEE Xplore


Abstract:

We explore how a hacker can confuse malware detection engines with minimal effort. As our overarching contribution, we show that such engines can be easily manipulated to misclassify malware and benign binaries. We substantiate our claim by developing MalFusion, a framework to stress-test and confuse anti-malware engines in identifying malware and its family type. The design goal for our method is to be as simple as possible and to leave the binary's functionality unchanged. We apply MalFusion to 1750 binaries compiled with different compilers and compiler options for the ARM and MIPS architectures, and we use the 71 anti-malware engines provided by VirusTotal. The overarching observation is that the anti-malware engines rely heavily on source-level string matching, such as the strings passed to printf calls. First, we show that when one of our simple string manipulation techniques is applied to malware source code, 100% of the binaries are deemed benign. Second, we observe that engines learn: within two weeks, they identify our modified binaries as malware. Third, we show how to exploit this "learning" capability by making engines misclassify string-modified benign binaries. Finally, we observe that there is no free lunch: engines with higher recall on malware binaries are prone to false positives.
Date of Conference: 03-06 June 2024
Date Added to IEEE Xplore: 15 August 2024
ISBN Information:
Electronic ISSN: 1861-2288
Conference Location: Thessaloniki, Greece
