Skip to content ↓ | Skip to navigation ↓

A former intern at FireEye has pleaded guilty to selling the Dendroid malware on the underground web forum Darkode.

According to The Register, Morgan Culbertson, 20, of Pittsburgh recently pleaded guilty to his crimes before a Pittsburgh federal judge.

“I committed the crime, so I am responsible,” Culbertson told Senior U.S. District Judge Maurice Cohill Jr. on Tuesday. “I understand what I did was wrong and I take full responsibility. I would like in the future to use may skills to help protect people.”

Culbertson is just one of dozens of people who were arrested in “Operation Shrouded Horizon,” a two-year operation led by the Federal Bureau of Investigations and the Department of Homeland Security in collaboration with law enforcement agencies in over 20 countries against the Darkode underground forum.

Another hacker who was arrested in the takedown, Eric Coker, has pleaded guilty for using Darkode to help spread Facebook malware to over 77,000 computers.

Despite the efforts of international law enforcement, Darkode has already resurfaced on the web.

According to the newspaper of Carnegie Mellon University, where he studied computer science, Culbertson began developing Dendroid at age 17.

morgan culbertson
Morgan Culbertson (Source: CNN Money)

Dendroid is a sophisticated form of Android malware in that it allows attackers to remotely take pictures using their infected devices’ cameras, record audio and video, listen in on calls, and exfiltrate photos and other data.

Used the moniker “Android” on Darkode, Culbertson peddled the malware for $300 and the source code for $65,000.

Shortly after his arrest earlier this summer, it was revealed that Culbertson had in the past completed a 12-week internship with FireEye as part of its Advanced Persistent Threat team as a mobile malware researcher. FireEye has since terminated his internship.

It is unclear at this time whether he may have used data and technologies available at FireEye to hone his malware.

Culbertson faces 10 years in prison and a $250,000 fine for conspiracy to damage protected computers when he is sentenced in December.

Tripwire CCM Express Free Trial