‘Hero’ Brit WannaCry Cyber Researcher Arrested In US For Kronos Trojan

The British security researcher accused of helping to create and spread the Kronos banking Trojan has reportedly admitted writing code included in the malware but will plead not guilty in court.

Marcus Hutchins, otherwise known as ‘Malwaretech’ on social media, was arrested by the FBI on Wednesday in Nevada, after he attended the Black Hat and Def Con hacking conferences in Las Vegas.

He could be released on bail this week, although he will be required to stay in the US.

FBI Arrest

“Gregory J. Haanstad, United States Attorney for the Eastern District of Wisconsin, announced that on July 11, 2017, following a two-year long investigation, a federal grand jury returned a six-count indictment against Marcus Hutchins, also known as “Malwaretech,” for his role in creating and distributing the Kronos banking Trojan,” said the US Department of Justice in a statement.

“In the indictment, Hutchins was charged with one count of conspiracy to commit computer fraud and abuse, three counts of distributing and advertising an electronic communication interception device, one count of endeavouring to intercept electronic communications, and one count of attempting to access a computer without authorisation,” said the DoJ. “The alleged conduct for which Hutchins was arrested occurred between in or around July 2014 and July 2015.”

A second defendant is also included in the indictment, but their name has not been made public.

If found guilty on all counts, Hutchins faces a maximum of 40 years in prison.


Essentially, the DoJ believes that Hutchins is responsible for the creation and distribution of Kronos on Internet forums.

This was a nasty piece of malware that was designed to steal banking login and other financial data from infected computers. It first came to prominence in 2014 after it posed as legitimate software in order to infect people’s computers.

Its creator boasted that it could evade existing anti-virus software and said it worked with the Internet Explorer, Firefox and Chrome web browsers. The creator also (unusually) promised to deliver free upgrades and bug fixes for the Trojan, and even offered attackers a one-week trial for $1,000.

Kronos resurfaced in October 2015, when it was reported to have targeted both British and Indian banking websites.

Then in May 2016 it hit customers of Canadian financial institutions, and in November 2016 Kronos was reportedly being distributed in emails sent to financial services firms, hospitality businesses, and companies in the higher education and healthcare industries.

It has been suggested by some that code written by Hutchins was ‘stolen’ and incorporated into Kronos.

‘Hero’ Researcher

The fact that the FBI believes that Hutchins was responsible for this trojan has come as a surprise to many.

When the WannaCry ransomware spread rapidly through computer systems around the world in May, it crippled huge swathes of NHS IT infrastructure.

As the ransomware attack began to take hold, Hutchins (aka Malwaretech) obtained a sample of the malware from a fellow researcher.

Hutchins then ran the ransomware in a virtual environment and discovered that it queried an unregistered domain before doing anything else. He also noted that the malware was connecting to multiple IP addresses on the network, attempting to exploit a Server Message Block (SMB) vulnerability in order to spread.

He then registered the domain. Because the malware checked that domain before running and stopped if it received a response, registering it acted as a kill switch, and new infections by that variant halted.
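To make the two behaviours described above concrete, the following is an added example, not code from the article, from Hutchins, or from the malware itself. It models the kill-switch decision as a function that takes an injectable "is the domain reachable" check (so it runs offline), and it runs a simple detection for the second indicator, one host fanning out SMB connections to many peers, over constructed connection-log lines. The domain name, hosts and log lines are all placeholders invented for the example.

```python
"""Added example: kill-switch decision logic and SMB fan-out detection.

Not the article's, Hutchins', or the malware's code. The domain, hosts and
log lines below are constructed for illustration.
"""
from collections import Counter, defaultdict, deque
from datetime import datetime, timedelta
from typing import Callable, Iterable

# Placeholder only; the real kill-switch domain is not reproduced here.
KILL_SWITCH_DOMAIN = "example-killswitch.invalid"


def should_run_payload(domain: str, reachable: Callable[[str], bool]) -> bool:
    """Kill-switch logic as the article describes it.

    The worm contacts `domain` first and runs its payload only when that
    contact fails. `reachable` is injected so the example runs offline; in
    the real worm this was a web request. Once the domain is registered the
    request succeeds, this returns False, and the payload never runs.
    """
    try:
        return not reachable(domain)
    except Exception:
        # A failed lookup or connection counts as "unreachable": proceed.
        return True


def smb_fanout(log_lines: Iterable[str], threshold: int = 10,
               window_s: int = 60) -> dict:
    """Flag sources that reach >= threshold distinct hosts on TCP 445
    within any window_s-second window. Log line format (constructed):
    '<ISO timestamp> <src> <dst> <dport>'. Returns {src: peak_distinct}.
    """
    per_src = defaultdict(list)
    for line in log_lines:
        line = line.strip()
        if not line:
            continue
        ts, src, dst, dport = line.split()
        if dport != "445":
            continue
        per_src[src].append((datetime.fromisoformat(ts), dst))

    flagged = {}
    for src, events in per_src.items():
        events.sort()
        window = deque()          # (ts, dst) pairs inside the sliding window
        seen = Counter()          # distinct dst -> occurrences in window
        peak = 0
        for ts, dst in events:
            window.append((ts, dst))
            seen[dst] += 1
            # Evict events older than window_s relative to the newest one.
            while (ts - window[0][0]).total_seconds() > window_s:
                old_ts, old_dst = window.popleft()
                seen[old_dst] -= 1
                if seen[old_dst] == 0:
                    del seen[old_dst]
            peak = max(peak, len(seen))
        if peak >= threshold:
            flagged[src] = peak
    return flagged


def constructed_log() -> list:
    """Constructed sample: one worm-like host, one benign file-server user,
    one host browsing many web servers (fan-out, but not on 445)."""
    base = datetime(2017, 5, 12, 13, 0, 0)
    lines = []
    for i in range(12):   # 12 distinct peers on 445 inside 24 seconds
        t = (base + timedelta(seconds=2 * i)).isoformat()
        lines.append(f"{t} 10.0.0.5 10.0.1.{i + 1} 445")
    for i in range(6):    # benign: the same two file servers, repeatedly
        t = (base + timedelta(seconds=5 * i)).isoformat()
        lines.append(f"{t} 10.0.0.9 10.0.2.{(i % 2) + 1} 445")
    for i in range(15):   # web fan-out on port 80 must not be flagged
        t = (base + timedelta(seconds=i)).isoformat()
        lines.append(f"{t} 10.0.0.11 203.0.113.{i + 1} 80")
    return lines


if __name__ == "__main__":
    print("unregistered domain -> payload runs:",
          should_run_payload(KILL_SWITCH_DOMAIN, lambda d: False))
    print("registered domain   -> payload runs:",
          should_run_payload(KILL_SWITCH_DOMAIN, lambda d: True))
    print("SMB fan-out sources:", smb_fanout(constructed_log()))
```

Two practical caveats follow directly from the model. The kill switch only helps hosts whose outbound request can actually reach the registered domain; on a network with no direct Internet access the check fails, `should_run_payload` returns True, and the worm proceeds. And the fan-out detector is deliberately keyed on port 445 with a distinct-destination count, so ordinary clients talking to a couple of file servers stay below the threshold while a scanning host crosses it within seconds.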

Hutchins’ actions only emerged days after the first WannaCry attacks.


First published: 4 August 2017 /  Last Updated: 7 August 2017

Tom Jowitt

Tom Jowitt is a leading British tech freelancer and long standing contributor to Silicon UK. He is also a bit of a Lord of the Rings nut...
