Arbitrium-RAT: remote access trojan, Fully Undetectable
Arbitrium is a cross-platform remote access trojan (RAT) that is Fully Undetectable (FUD). It allows you to control Android, Windows, and Linux and doesn't require any firewall exceptions or port forwarding. It gives access to the local networks: you can use the targets as an HTTP proxy, access the router, discover local IPs, and scan their ports. It includes modules like Mimikatz, and new modules can easily be added. In addition, if Arbitrium is used with DNS spoofing software, it can spread autonomously between devices (#AutoSpread). Arbitrium is a project of multiple parts, built using Java, JS, C, Python, Cordova and VueJS.
The client uses simple tools, which makes it completely undetectable; the trojan is based on netcat and mainly pipes TCP packets to run the server's commands.
- Battery optimization / StealthMode
Unlike stock Android, customizations like MIUI by Xiaomi, EMUI by Huawei, or Samsung's Android Pie ignore the permissions/exceptions given to an app by the user. So if you try to run an Android trojan in the background, the moment the app starts running frequent or heavy (in some cases even lightweight) tasks (e.g. sending HTTP requests periodically) it will be killed no matter what permissions the user grants; the OS completely ignores the current settings. dontkillmyapp.com is a known website dedicated to this particular issue.
The aforementioned issue was quite annoying while working on this project. After a while I found that building a lightweight binary that keeps running the assigned tasks in the background while the MainActivity stands still just after launching the binary appears to bypass most of the restrictions and actually even improves the performance of the app.
MainActivity receives a JS file from the server and uses ThreadPoolExecutor to start the binary without blocking while waiting for it to exit (more on this: StealthMode/BatteryBypass).
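From the defender's side, a binary started by an app this way runs under the app's own UID but is not a zygote fork, which is visible in the process table. The following is an added example, not code from the Arbitrium project: a heuristic that flags such processes in `ps -A -o USER,PID,PPID,NAME` output collected over adb. The package and binary names in the sample are constructed, and legitimate apps that ship native helpers will also match, so findings need triage.

```python
import re

# Parents that legitimately fork Android app processes.
ZYGOTE_PARENTS = {"zygote", "zygote64", "webview_zygote"}
APP_UID = re.compile(r"^u\d+_a\d+$")  # per-app Linux user, e.g. u0_a231

# Constructed sample of `adb shell ps -A -o USER,PID,PPID,NAME` output.
SAMPLE_PS = """\
USER           PID  PPID NAME
root             1     0 init
root           812     1 zygote64
root           813     1 zygote
webview_zygote 1490  813 webview_zygote
u0_a120       3011   812 com.android.chrome
u0_a231       7420   812 com.example.flashlight
u0_a231       7466  7420 libhelper.so
u0_a231       7467     1 sh
shell         9001   640 ps
"""

def parse_ps(text):
    """Return one dict per process row, skipping the header line."""
    rows = []
    for line in text.strip().splitlines()[1:]:
        user, pid, ppid, name = line.split(None, 3)
        rows.append({"user": user, "pid": int(pid), "ppid": int(ppid), "name": name})
    return rows

def native_children_of_apps(text):
    """Flag app-UID processes whose parent is not a zygote.

    Covers both a child still attached to the app process and one that
    was orphaned and re-parented to init.
    """
    procs = parse_ps(text)
    name_by_pid = {p["pid"]: p["name"] for p in procs}
    findings = []
    for p in procs:
        if not APP_UID.match(p["user"]):
            continue  # system, root and shell processes are out of scope
        parent = name_by_pid.get(p["ppid"], "?")
        if parent not in ZYGOTE_PARENTS:
            findings.append((p["user"], p["pid"], p["name"], parent))
    return findings

if __name__ == "__main__":
    for user, pid, name, parent in native_children_of_apps(SAMPLE_PS):
        print(f"{user} pid={pid} name={name} parent={parent}")
```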
- Web interface
There is also a control panel; it's not a requirement but an extension. It's a simple VueJS webapp, a UI you can use to control the targets instead of directly sending requests to the API. The webapp is available here: Arbitrium WebApp
Copyright (C) 2021 BenChaliah