FireEye intern arrested, turns out he created the Dendroid Android malware

Cybersecurity firm FireEye, Inc. would be feeling rather embarrassed today with news that they had employed an intern who turned out to be one of the world’s top Android hackers.

20-year-old Morgan Culbertson, according to reports, was arrested Wednesday and stands accused of being the mastermind behind Dendroid, malware that infects Android phones and can both steal data from the phone, and even control the device.

To make matters worse, or be it more interesting, he was selling Dendroid at the same time he was working on cybersecurity matters at FireEye.

Dendroid, sold on the Darknet for $300, allows anyone who purchased it to turn any legitimate Android app into malware; as a bonus, buyers also received round-the-clock software support for it.

The source code however was a far more lucrative proposition, with claims that it was being sold for a rather neat figure of $65,000 a pop.

Among its feature list, the software allows hackers to remotely, and without a user knowing, take screenshots, photos, videos and audio recordings.

FireEye said in a statement that it had been caught be surprise, but had acted given the news.

“Mr. Culbertson’s internship has been suspended pending an internal review of his activities,” FireEye said.

Threats to FireEye

The biggest concern out of the arrest is not only did one of the world’s leading cybersecurity firms employ someone as an intern who moonlighted as a hacker software seller, but the possible threat that FireEye’s own services may have be compromised by having someone like that working for them.

According to Culbertson’s LinkedIn profile, he worked with FireEye’s elite Advanced Persistent Threat team, which focuses on investigating hackers and their tactics, which is ironic considering what he has now accused to have been doing.

That’s all conjecture of course, but it still gets worse, this is how he describes his role at FireEye:

I improved Android malware detection by discovering new malicious malware families and using a multitude of different tools, automation techniques and decompiling analysis heuristics

Yep, the guy behind Dendroid worked Android malware protection.

As for Dendroid, it is allegedly no longer available on the Darkweb, with the site selling it shut down, but being the Darkweb that should be taken with a serious grain of salt.


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s