I don't think so, no. I think they also need overt acts in furtherance of a conspiracy to use the tools. It's probably not as cut and dry as "you have to actually use the tools to break into someone". It's a bit of a tightrope, though, because if you're a predecessor on the graph of people involved in an actual crime, sharing tools can drag you into a prosecution.
So far as I know (this is sort of my profession), there's no federal "burglars tools" law regarding malware.
> So far as I know (this is sort of my profession), there's no federal "burglars tools" law regarding malware.
To be fair, many "burglars tools" laws require possession of the tools WITH INTENT to perform a criminal action. The intent piece is key. Merely possessing lock picks is usually fine. But sulking around masked in bushes outside an office building with a pickset, rope, and an empty duffel bag might get you in trouble.
A good list of Lockpick laws collected and indexed state-by-state at http://toool.us/laws.html. You see that in most jurisdictions intent is required.
While malware laws are still much less mature, I would hope that similarly there'd be an intent requirement. Possessing malware for purposes of reverse engineering to develop protections is obviously important, and clearly an activity we would want to remain lawful (and hopefully unlicensed/regulated).
Conspiracy is probably the easier route to a conviction.
So far as I know (this is sort of my profession), there's no federal "burglars tools" law regarding malware.