Former FireEye Intern Admits Developing and Selling Malicious Android Tool

20-year-old Morgan Culbertson has pleaded guilty in Pittsburgh federal court to developing and selling a malicious tool called Dendroid. The tool in question allows an attacker to make an app that could hijack an Android device, steal its data, and use its camera to spy on victims.

Dendroid made headlines in 2014 when it managed to bypass Bouncer, Google’s anti-malware screening system, to find a place in Google Play, Android’s marquee app store. A custom remote access toolkit (RAT), also known as a remote administration toolkit, Dendroid allows an attacker to remotely control the device it is installed on. It was being sold for around $300 (roughly Rs. 19,900), with $65,000 (roughly Rs. 43 lakhs) charged for the source code of the malware.

A former intern at security firm FireEye, Culbertson said that he improvised malware detection by discovering new malware families and using a plethora of different tools. He was arrested in July in an international law enforcement operation targeting Darkode, an online crime forum.


Touted as the world’s biggest English-language online crime forum, the site had more than 250 to 300 active members. FBI and Europol shut it down in July after a strategic 18-month operation. The agents had found personal information of more than 19,000 people taken from a database of social security numbers, and 20 million email addresses.

Culbertson has taken responsibility for developing and selling Dendroid. “I committed the crime, so I am responsible,” said Culbertson. “I understand what I did was wrong and I take full responsibility. I would like in the future to use my skills to help protect people.”

He could face up to 10 years in prison and $250,000 in fines. The verdict will arrive on December 2.