Zachary Shames from Virginia pleaded guilty in a federal district court and now faces a maximum penalty of up to 10 years in prison for his past deeds.
Shames was arrested this summer while he was working as a technical intern at Northrop Grumman, a security and defense government contractor, developing front-end site code and backend Java software and managing a MySQL database, according to what appears on his Linkedin page.
According to a press release from the U.S. Department of Justice, Shames developed a keylogger in 2013 that allowed users to steal sensitive information, including passwords and banking credentials, from a victim's computer, while he was still a high school student in 2013.
Keylogger is malicious software designed to record every keystroke on a victim's computer.
Limitless Logger Pro, which he sold for $35 on the infamous Hack Forums, according to an anonymous security researcher quoted by Motherboard.
Shames "continued to modify and market the illegal product from his college dorm room," at James Madison University in Harrisonburg, Va. and sold it to more than 3,000 people who, in turn, infected over 16,000 victims, the U.S. Attorney's Office said.
The keylogger malware developed by Shames slowly turned out into a powerful tool.
According to TrendMicro (pdf), apart from key-logging, Limitless KeyLogger can also recover account names and passwords from many popular applications, such as Apple Safari, Firefox, Opera, Google Chrome, Bitcoin wallets, Core FTP, DynDNS, FileZilla, Internet Download Manager, Internet Explorer, Spotify, and more.
Shames pleaded guilty in an Alexandria courtroom, and Judge Liam O'Grady accepted his plea.
Shames now faces a maximum penalty of up to 10 years in prison and has been sentenced to be scheduled for June 16, 2017.