Deep learning is widely used in many applications in the real world, especially image classification, but some hardly perceptible perturbations may mislead the high-accuracy classifiers. The adversarial attacks are used to find out the adversarial examples for improving the robustness of the classifier in recent years, but the black-box adversarial attacks lack a real-world scenario to apply. This thesis introduces a real-world scenario for black-box adversarial attacks. Under this scenario, the upper limit of the degree of perturbation is estimated from the real-world distortion, and it is proved that this distortion will impair the performance of the classifier. This thesis also proposes a black-box adversarial attack corresponding to the scenario: Transfer-based black-box adversarial attack with genetic algorithms. This attack takes advantage of genetic algorithms and reduces the followed query costs with a surrogate model based on the transferability of adversarial attacks. This research shows that the distribution of perturbed vectors in the latent space can help the attack algorithm find adversarial examples.