Abstract: With the widespread application of encryption techniques, a growing amount of malware also resorts to encryption to hide its online activities, which prevents traditional methods based on patterns and features from meeting the requirements of accuracy and universality. To solve this problem, this study proposes a malicious encrypted traffic identification method based on hierarchical feature fusion and attention. The algorithm has a hierarchical structure and sequentially extracts the features of data packets and session flows. In the former phase, a global mixed pooling method is designed for feature fusion. In the latter phase, the attention mechanism is used to improve the ability of the bidirectional long short-term memory (BiLSTM) network to analyze sequential relationships. Finally, verification experiments are conducted on the CIC-AndMal 2017 dataset, and the results show that the proposed model is well-designed. Compared with the text convolutional neural network (TextCNN) model and the hierarchical spatiotemporal feature and multi-head self-attention (HST-MHSA) model, the proposed model reduces the false negative rate by 5.8% and 2.6%, respectively, and increases the weighted F1-score by 4.7% and 3.5%, respectively. In other words, the proposed model achieves a satisfactory optimization effect in the identification and classification of malicious encrypted traffic.