Bargains for Under $25 HP Envy 34 All-in-One PC Review Best Fitbits T-Mobile Data Breach Settlement ExpressVPN Review Best Buy Anniversary Sale Healthy Meal Delivery Orville 'Out Star Treks' Star Trek
Want CNET to notify you of price drops and the latest stories?
No, thank you

WannaCry hero accused of creating Russian banking virus

Just before boarding a flight to head home to the UK, Marcus Hutchins, the researcher who stopped WannaCry, is arrested in Las Vegas by the FBI.

The researcher who stopped the spread of the WannaCry ransomware allegedly created the Kronos banking trojan.

The security researcher who shut down the rampant spread of the WannaCry ransomware in May was arrested Wednesday for allegedly creating a virus of his own.

Marcus Hutchins, better known as MalwareTech, was arrested in Las Vegas as he was about to board a flight back home to the United Kingdom. Hutchins was in Vegas for Defcon, a massive four-day conference where hackers, security experts and researchers gather to share information. 

US Marshals detained Hutchins at McCarran International Airport, and he was being held at the FBI's Las Vegas field office Thursday.

The US government is accusing Hutchins of creating and distributing Kronos, a Russian banking trojan that first popped up in 2014 and stole from online banks. According to Hutchins' indictment (PDF), the researcher and an unnamed partner sold Kronos on the darknet, including on AlphaBay, the recently shuttered marketplace.

The indictment was filed July 12, nine days before Hutchins arrived in the US for Defcon. 

Investigators had been looking into Hutchins for the last two years, according to a source. His charges are related to alleged sales between July 2014 and July 2015.

The Kronos trojan could steal username and password information on banking websites and was used in Canada, Germany, Poland, France and the UK, according to the Department of Justice.

Hutchins is charged with conspiracy to commit computer fraud and abuse, distributing an electronic communication interception device, and attempting to access a computer without authorization.

Hutchins became an online hero after he discovered a kill switch built into the WannaCry ransomware. The virus, which locked up computers and demanded a $300 payment, was spreading like wildfire till Hutchins found a detail in the code that allowed him to halt future infections simply by registering a domain name.

First published Aug. 3, 12:30 p.m. PT
Update, 1:30 p.m.: Adds details from the Department of Justice.

CNET Magazine: Check out a sampling of the stories you'll find in CNET's newsstand edition.

It's Complicated: This is dating in the age of apps. Having fun yet? These stories get to the heart of the matter.