Morgan Culbertson, a former intern at the cybersecurity company FireEye, pleaded guilty Tuesday in federal court to designing a malicious software tool that enabled hackers to take control of a target's Android phone. Culbertson then sold the tool kit, known as Dendroid, in the Darkode dark Net marketplace.
Dendroid was a software tool that enabled users to build their own malware-infused app capable of taking almost full control of an Android phone. The apps could take pictures with the phone's camera, record phone calls, download photos, record video and access other sensitive features. Dendroid also proved it could get apps into the Google Play store by including code that subverted Google's security checks.
“I am sorry to the individuals to whom my software may have compromised their privacy,” Culbertson said in Pennsylvania federal court, as quoted by the Pittsburgh Post-Gazette. “I committed the crime.”
Culbertson, 20, listed Dendroid for $300 on Darkode, the now-shuttered hacking forum frequented by members of the Lizard Squad hacking collective and other nefarious customers. He also offered to sell the source code for Dendroid for more money, enabling buyers to create their own customized version of the malware.
Culbertson faces a maximum of 10 years in prison and a $250,000 fine.