Marcus Hutchins, the 23-year-old who defeated WannaCry, is set to appear in a US court charged over his alleged involvement with the Kronos malware.
He was arrested by the FBI on Wednesday in Las Vegas, where he had been attending the major cybersecurity events Black Hat and Defcon.
Kronos is a trojan which, as the name suggests, is an attack hidden behind a disguise of legitimacy, and it specifically targets bank accounts. Hutchins' alleged involvement in the malware's creation and distribution took place between 2014 and 2015.
This type of malware is spread via emails that contain the malicious payload, and the attack is triggered by, for example, opening an attached document. Once triggered, the malware specifically targeted bank credentials.
A United States Department of Justice statement reported by the BBC said: “Marcus Hutchins… a citizen and resident of the United Kingdom, was arrested in the United States on 2 August, 2017, in Las Vegas, Nevada, after a grand jury in the Eastern District of Wisconsin returned a six-count indictment against Hutchins for his role in creating and distributing the Kronos banking Trojan.”
Coinciding with the arrest of Marcus Hutchins, AlphaBay, a dark-web site believed to have been used for the distribution of the Kronos malware, was shut down.
Hutchins gained fame for coming to the defence of the NHS when it was hit by the WannaCry ransomware attack, which had a global reach and a devastating effect. He had wanted to remain anonymous, but his identity was revealed and he was hailed as a hero.
On the 13th of July 2014, shortly after the malware's discovery, the Twitter account believed to be used by Marcus Hutchins, @MalwareTech, tweeted asking for a sample of the Kronos malware. Family and peers of Hutchins have reportedly expressed disbelief at the prospect of him being guilty.