It's not surprising that FBI uses malware to track the activities and location of suspects. A New article published by Washington Post covers the story about FBI using malware for surveillance to track suspect's movements.
FBI team works much like other hackers, targets suspects with the Spear Phishing technique that will attempt to exploit vulnerability in the target's machine and installs malware. The malware then collects information from the infected machine and send it back to FBI's server. The malware is also capable of covertly activating webcams.
In a bank fraud case, Judge Stephen Smith rejected FBI request to install spyware in the suspect's system in April.
Smith pointed out that using such kind of technologies ran the risk of accidentally capturing information of others who are not involved in any kind of illegal activity.
In another case, another judge approved the FBI's request in December 2012. The malware also successfully gathered enough information from the suspect's system and helped in arresting him.
In another case, July 2012, an unknown person who is calling himself "Mo" from unknown location made a series of threats to detonate bombs at various locations. He wanted to release a man who had been arrested for killing 12 people in a movie theater in the Denver suburb of Aurora, Colo.
After investigation, they found out Mo was using Google Voice to make calls to Sheriff , he also used proxy for hiding his real IP.
After further investigation, FBI found out Mo used IP address located in Tehran when he signed up for the email account in 2009.
In December 2012, judge approved FBI's request that allowed the FBI to send email containing surveillance software to the suspect's email id. However, the malware failed to perform as intended. But, Mo's computer sent a request for info to FBI's server from two different IP address. Both suggested that he was still in Tehran.