A couple of hours ago HackRead reported that Marcus Hutchins, a security researcher who stopped WannaCry ransomware spreading was arrested by the FBI for unknown reasons while he was attending BlackHat and DefCon security conferences. Now, it has been revealed that Hutchins was arrested for his role in creating and distributing Kronos, a banking malware.
Now, according to a federal indictment as noted by The Verge, it has been revealed that Hutchins was arrested for his role in creating and distributing Kronos, a banking malware discovered in July 2014 which stole banking credentials from around the world but primarily targeted the United Kingdom and North America.
Hutchins was arrested while he was catching a flight from Las Vegas to his home city London.
The indictment also mentions another defendant whose name has been retracted. It is believed that the unknown defended worked with Hutchins on Kronos malware.
An unnamed co-defendant and Marcus Hutchins knowingly conspired and agreed with eachother to commit an offense against the United States, namely, to knowgly cause the transmission of a program, information, code, and command and as a result of such conduct, intentionally cause damage without authorization, to 10 or more protected computers during a 1-year period in voilation of Title 18, United States Code, stated in the court documents.
In a Tweet from 13 July 2014, it can be seen that Hutchins Tweeted about Kronos malware where he asked if “Anyone got a Kronos sample?” However, it’s normal to ask for malware samples since analyzing malicious samples is a core part of a Security researcher’s job.
https://twitter.com/MalwareTechBlog/status/488373794168254464
The timing of Hutchins’s arrest is crucial since US law enforcement authorities have been nabbing people involved in cyber crimes around the world. Last month, authorities shut down Aplhabay marketplace and arrested its founder who later committed suicide in a Thai prison.
Then, Hansa market was also shut down by law enforcement while a number of its buyers and vendors have already been arrested which means the authorities have a track of malware being sold on the dark web. However, it is too early to say if Hutchins sold Kronos banking malware on the dark web or whether he was ever involved in the campaign.