Cellphones are increasingly becoming attractive targets of various malware, which not only cause privacy leakage, extra charges, and depletion of battery power, but also introduce malicious traffic into networks. In this work, we seek system-level solutions to handle these security threats. Specifically, we propose a mandatory access control-based defense to blocking malware that launch attacks through creating new processes for execution. To combat more elaborated malware which redirect program flows of normal applications to execute malicious code within a legitimate security domain, we further propose using artificial intelligence (AI) techniques such as Graphic Turing test. Through extensive experiments based on both Symbian and Linux smartphones, we show that both our system-level countermeasures effectively detect and block cellphone malware with low false positives, and can be easily deployed on existing smartphone hardware.