Releasing the Mobile Malware Mimicking (m3) framework

The Mobile Malware Mimicking framework, or m3 in short, is built to easily and scalable emulate Android malware whilst using very few resources. One can create fake bots via the command-line interface. The fake bots can then be loaded into the emulator, which will then schedule all fake bots.

Each bot will handle the incoming commands from the C2 server based upon the family’s implementation. The traffic of each bot can be routed through a predefined proxy server. Currently, m3 supports the emulation of two malware families: Anubis and Cerberus. The logging is written to the standard output, and to the respective bot’s log file. m3 is free and fully open-source. The code can be found on Github, along with the latest pre-built release.

As spoken about at Black Hat Europe, the Mobile Malware Mimicking framework’s source code and documentation is made fully public. Please make sure you read and understand the disclaimer before using the framework. One can find the general project description here. More information on how to extend the framework can be found here. Information regarding the two implemented families can be found here.

To contact me, you can e-mail me at [info][at][maxkersten][dot][nl], send me a PM on Reddit, or DM me on Twitter @Libranalysis.