Dendroid is an Android remote access Trojan (RAT) discovered by researchers in 2014. It was available for rent at $300/month on the Dark Web forum, Darkode. This Trojan is capable of infecting Android devices and taking photos using the phone’s camera, record audio and video, download existing photos, record calls, and send texts. Dendroid managed to evade Google Play Store security. The author included anti-emulation detection code and even provided a warranty to customers, guaranteeing Dendroid would remain undetected. It came with a APK Binder, a point-and-click tool for consumers to inject Dendroid into any target application they choose. Perpetrators need only choose a carrier app, download it and launch the Dendroid RAT in order to start pushing out infected applications. In August 2014, the source code was sold and later leaked to GitHub. In the summer of 2015, FBI arrested Morgan Culbertson of Pittsburgh, Carnegie Mellon University attendee and intern at cybersecurity firm FireEye, for creating and selling the Dendroid RAT. Culbertson plead guilty and was sentenced in February 2017 to three years of probation and 300 hours of community service and computer monitoring.


  • August 2014: Source Code of Android RAT Dendroid Leaked Online. (SecurityWeek)
  • March 2015: Android RATs Branch Out with Dendroid. (Symantec)
  • February 2017: Former FireEye Intern, Author of Dendroid RAT, Gets No Prison Time (Bleeping Computer)