MalwareTech Arrested by the FBI on Charges of Creating Kronos Banking Trojan


Feb 4, 2016
MalwareTech — the security researcher who stopped the WannaCry ransomware outbreak — was arrested in Las Vegas on accusations of creating the Kronos banking trojan together with another person.

The arrest — first reported by Motherboard — took place yesterday, August 2, after the DEF CON security conference.

According to an official indictment, authorities arrested MalwareTech — real name Marcus Hutchins, 23, from the UK — for creating and updating Kronos, a well-known banking trojan that uses a technique called web injects to insert fake login pages for online banking portals in various browsers.

MalwareTech allegedly created Kronos in 2014
Kronos was first spotted in July 2014 and was last seen active in June 2016. In July 2014, Kronos was available for sale on a major Russian underground forum for a price tag of $7,000.

The official indictment accuses MalwareTech of creating and updating the Kronos trojan, while his accomplice — currently unnamed — advertised the malware on hacking forums (for $3,000) and AlphaBay (for $2,000).

MalwareTech stopped the WannaCry outbreak
In May 2017, MalwareTech became a world-famous hero when he stopped the spread of the WannaCry ransomware.

MalwareTech's arrest shocked the security community. Fellow security researchers have a hard time believing the accusations. Many believe MalwareTech was framed or that investigators might have screwed up their investigation.

MalwareTech's arrest also caused a ruckus in the infosec industry, as friends couldn't pin down where he was detained or provide him with proper legal counsel.

At the time of his arrest, MalwareTech was an employee of Kryptos Logic, a UK-based cyber-security company.