Marcus Hutchins, the security researcher who helped stop the WannaCry attack earlier this year, has reportedly been arrested in the US on charges of creating, selling, and maintaining malware.
Motherboard first reported news of Hutchins being detained by the FBI on his way home from the DefCon hacking event in Las Vegas. It was initially thought Hutchins, who posts online under the pseudonym MalwareTech, had been taken by US Marshals, but a spokesperson for the agency said the arrest had been made by the FBI.
He has now been charged in connection with a two-year cybercrime investigation in the US into the Kronos malware. This investigation started before the WannaCry outbreak, and the two are not said to be related as far as Hutchins is concerned.
The Department of Justice said in a statement that Hutchins “was arrested on August 2, 2017, in Las Vegas, Nevada, after a grand jury in the Eastern District of Wisconsin returned a six-count indictment against Hutchins for his role in creating and distributing Kronos.” Alphr has contacted the DoJ for more information about the counts.
What is Kronos malware?
Kronos is a banking Trojan which is spread through email attachments. It is used to steal banking passwords from infected computers and has been configured to infiltrate banking systems in the UK, Canada, Germany, France and Poland, among other countries.
Early reports of Kronos emerged in 2014 when an ad was spotted on a Russian cybercriminal forum. The tool was being advertised for $7,000 as part of a package which included free upgrades and bug fixes. Research into the malware found that it, or at least this early form of it, was compatible with tools developed for what is probably the most famous banking Trojan, Zeus. In fact, it was said to have been designed to allow cybercriminals who still use Zeus to easily move over to Kronos.
Hutchins is accused of maintaining Kronos with an unnamed accomplice. They are specifically accused of spreading the malware via the Alphabay marketplace between July 2014 and July 2015.
Hutchins became a somewhat reluctant “hero” in May this year when he discovered a hidden “kill switch” in the WannaCry ransomware virus that hit more than 300,000 computers, many in the NHS, across 150 countries. He was later reportedly working with the National Cyber Crime Unit of the National Crime Agency, but this hasn’t been confirmed.
Following reports of his detainment, Hutchins was believed to have been taken to the Henderson Detention Center in Nevada on Thursday before being moved to a different, unknown location.