British cyber security expert Marcus Hutchins who accidentally stopped the WannaCry global ransomware attack has been arrested in the US by the FBI for allegedly conspiring to advertise and sell a malicious software named Kronos that targeted bank accounts.
@MalwareTechBlog author was stopped by the FBI on Wednesday as he prepared to board a flight from Las Vegas back to his home in London. Hutchins participated in the Black Hat and Defcon security conferences, although he did not present any research.
Hutchins was arrested for his role in “creating and distributing the Kronos banking trojan,” according to a federal indictment from the Department of Justice against him and an unnamed co-defendent. Kronos was a malware that harvested online banking credentials and credit card data, first discovered in July 2014.
The Kronos virus was spread through spam emails with malicious attachments and allowed hackers steal money using credentials such as internet banking passwords.
The law enforcement document says that Hutchins also updated the malware while another unnamed defendant helped to sell it online $2,000. There are 6 counts within the indictment that allege Hutchings not only created malware but transmitted it and attempted to cause damage to “10 or more protected computers”. The alleged offences took place between July 2014 and July 2015.
The indictment alleges that Kronos was listed and sold on AlphaBay, with the unnamed co-defendant advertising and maintaining the malware. The AlphaBay takedown provided federal agents with significant transaction records from the previously anonymous marketplace, which may have provided a new way to track the Kronos’s creators.
Marcus Hutchins is best known for his role in stopping WannaCry ransomware, which affected nearly 230,000 computers worldwide. Using a vulnerability in Windows 7 and Windows XP operating systems, WannaCry encrypted victims’ files and demanded a $300 in Bitcoin ransom. Hutchins found a kill switch that stopped the virus from rapidly spreading.