Be careful tech companies, interns are smarter than you think. A former security intern at the FireEye security firm has admitted to designing the malicious software spyware that could have quite dangerous to millions of Android users.

“Morgan Culbertson, 20, pleaded guilty to federal charges involving Dendroid, a software tool that provided everything needed to develop highly stealthy apps that among other things took pictures using the phone’s camera, recorded audio and video, downloaded photos, and recorded calls,” according to Arstechnica.

“According to this 2014 blog post from Android security firm Lookout, at least one app built with Dendroid found its way into the official Google Play market, in part thanks to code that helped it evade detection by Bouncer, Google’s anti-malware screening system.”

Last month 70 people were arrested during an investigation of the Darkode online crime forum. Culbertson was one of those individuals after spending four months at FireEye according to the report. According to the report Culbertson says he was responsible for the improved security on Android’s devices by strengthening their malware detection software. Unfortunately for the company, it seems as if Culbertson was doing the opposite.

“According to The Pittsburgh Post-Gazette, Culbertson on Tuesday pleaded guilty to developing and selling the malicious tool kit,” said the Arstechnica article. 

“Culbertson advertised the malware on Darkode for $300, and he also offered to sell the source code, presumably for a much higher price, that would allow buyers to create their own version of Dendroid. He faces a maximum 10 years in prison and $250,000 in fines at sentencing, which is scheduled for December 2.”

The only question is how many have already gotten their hands on the Dendroid software and is it still a threat.

Read the full story.