It has been over a month since purported Dendroid malware developer Morgan Culbertson was arrested in a world-wide operation that put 70 involved members under searches and arrests. Fast-forward to today and we are learning Culbertson has pleaded guilty in court last Tuesday, making him responsible for the federal charges involving the creation of the before-mentioned malicious software.
For those who may not have kept up with these events, Dendroid is a malicious piece of software with the purpose of stealing information from infected users. After having successfully attacked a device, the hacker would gain the ability to take pictures using the phone’s camera, track both ambient audio and video, download photos and even record calls.
We know at least one infected app made it to the Google Play Store, and the malicious code was also widely distributed via other methods, making this one of the most dangerous malware implementations the Android ecosystem has seen. So… who was responsible for this whole mess?!
Morgan C. Culbertson is 20 years old (wow!) and was a student a Carnegie Mellon University. He also spent some months as a FireEye intern, where he “improved Android malware detection by discovering new malicious malware families and using a multitude of different tools.”
Culbertson was selling his malware via Darkode (the forum that was targeted by the authorities) for $300. He also had his source code up for sale, which would allow buyers to create their own version of Darkode. The only catch was that entire software and its code would go for a much higher price.
What’s next? It definitely won’t be fun for Morgan, who faces a maximum of 10 years in prison and $250,000 in fines. The sentencing is scheduled for December 2nd, so we wil learn more details when that day comes around. I just wonder if he made that much money selling his software!