A former intern at the security firm FireEye has been arrested for developing and distributing the sophisticated Android malware dubbed Dendroid. In March 2014, experts at Symantec discovered a new HTTP Android remote administration tool, named Dendroid, available on the underground market for only $300.
Prosecutors confirmed the arrest of Morgan Culbertson, 20, of Pittsburgh. The man with a double face was working for the IT security giant FireEye while improving and selling the Dendroid RAT. According to the prosecutors, the young man was also offering the source code of the mobile malware for sale for $65,000.
The man was identified by law enforcement during the operation codenamed Shrouded Horizon, which allowed authorities to arrest 70 administrators and members of the popular cybercrime forum Darkode.
“The US Attorney for Western District of Pennsylvania confirmed to FORBES the accused was the same Morgan Culbertson as the one listed on LinkedIn here. According to that page and court filings, he was selling his malware at the same time as working at FireEye.” reported Forbes.
Culbertson worked at FireEye for 12 weeks in the summer of 2014, serving on the Advanced Persistent Threat team as a mobile threat researcher. As highlighted by the media, there is a concrete risk that Culbertson could have used confidential FireEye research to improve his products. The information the young hacker accessed during his internship could have allowed him to develop sophisticated anti-detection mechanisms.
“I improved Android malware detection by discovering new malicious malware families and using a multitude of different tools, automation techniques and decompiling analysis heuristics,” Culbertson wrote.
FireEye officially confirmed that Culbertson had been suspended.
“Mr. Culbertson’s internship has been suspended pending an internal review of his activities,” FireEye said.
The accusations are serious: according to the FBI, the man was charged with conspiring to send malicious code.
“He is accused of designing Dendroid, a coded malware intended to remotely access, control, and steal data from Google Android cellphones. The malware was allegedly offered for sale on Darkode.”
Dendroid is an HTTP remote administration tool that is completely invisible to the user and to the firmware interface; the toolkit includes an APK binder package and a sophisticated PHP control panel.
Symantec researchers discovered a link between Dendroid and the AndroRAT toolkit:
(Security Affairs – Dendroid, mobile RAT)