In this paper, we model the malware detection problem as a graph inference problem and develop a novel belief propagation approach, within a semi-supervised learning scheme, that makes full use of the connections between files and hosts to detect malware. Specifically, from network download data, we build a large graph that captures file co-occurrence and file-host relationships. Unlike classical methods that heuristically define edge weights only in the file co-occurrence graph, we develop a new method that integrates the homophilic host-file relationship on top of file co-occurrences. Then, using the linear neighborhood model, we first perform propagation in the subgraph of files until it stabilizes, and then extend the propagation to the complete file-host graph. To facilitate this propagation procedure, we develop a set of algorithmic tools that extract information for the linear neighborhood model from the link structure of download events. We also show theoretically that, under some mild conditions, our propagation method can reveal the actual labels of unlabeled nodes in the complete graph. Finally, we perform a set of experiments that demonstrate the effectiveness of our new method in a variety of contexts on a real-world dataset.
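The two-stage propagation outlined above, as an added sketch that is not the paper's code: labels spread first over the file co-occurrence graph, then over the complete file-host graph. It assumes row-normalised shared-host counts in place of the paper's linear-neighborhood weights; the events, seed labels, function names and `alpha` are constructed for illustration.

```python
from collections import defaultdict
from itertools import combinations

# Constructed download events (host, file); not data from the paper.
EVENTS = [("h1", "mal_a"), ("h1", "mal_b"), ("h1", "unk_x"),
          ("h2", "mal_b"), ("h2", "unk_x"),
          ("h3", "ben_a"), ("h3", "ben_b"), ("h3", "unk_y"),
          ("h4", "ben_b"), ("h4", "unk_y"), ("h4", "unk_x")]
SEED = {"mal_a": 1.0, "mal_b": 1.0, "ben_a": -1.0, "ben_b": -1.0}  # +1 malware, -1 benign

def normalise(adj):
    """Row-normalise so each node's neighbour weights sum to 1."""
    return {u: {v: w / sum(nb.values()) for v, w in nb.items()} for u, nb in adj.items()}

def propagate(weights, seed, init=None, alpha=0.8, tol=1e-9, max_iter=1000):
    """Iterate F <- alpha*W*F + (1-alpha)*Y until the scores stabilise."""
    score = {u: (init or {}).get(u, seed.get(u, 0.0)) for u in weights}
    for _ in range(max_iter):
        new = {u: alpha * sum(w * score[v] for v, w in nb.items())
                  + (1 - alpha) * seed.get(u, 0.0) for u, nb in weights.items()}
        delta = max(abs(new[u] - score[u]) for u in new)
        score = new
        if delta < tol:
            break
    return score

def detect(events, seed):
    """Return a score per file and host; positive leans malicious."""
    by_host = defaultdict(set)
    for host, f in events:
        by_host[host].add(f)
    # Stage 1: file subgraph. Assumption: weight = number of shared hosts.
    cooc = defaultdict(lambda: defaultdict(float))
    for files in by_host.values():
        for a, b in combinations(sorted(files), 2):
            cooc[a][b] += 1
            cooc[b][a] += 1
    file_scores = propagate(normalise(cooc), seed)
    # Stage 2: complete file-host graph, warm-started from the stage 1 scores.
    full = defaultdict(lambda: defaultdict(float))
    for u, nb in cooc.items():
        for v, w in nb.items():
            full[u][v] = w
    for host, f in events:
        full[host][f] += 1
        full[f][host] += 1
    return propagate(normalise(full), seed, init=file_scores)
```

On the constructed events, `detect(EVENTS, SEED)` gives `unk_x` and hosts `h1` and `h2` positive scores and `unk_y` and `h3` negative ones, so unlabeled files and hosts inherit the label of the neighbourhood they download with.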