WannaCry hero accused of creating Russian banking virus

Just before boarding a flight to head home to the UK, Marcus Hutchins, the researcher who stopped WannaCry, is arrested in Las Vegas by the FBI.

Alfred Ng Senior Reporter / CNET News

The researcher who stopped the spread of the WannaCry ransomware allegedly created the Kronos banking trojan.


The security researcher who shut down the rampant spread of the WannaCry ransomware in May was arrested Wednesday for allegedly creating a virus of his own.

Marcus Hutchins, better known as MalwareTech, was arrested in Las Vegas as he was about to board a flight back home to the United Kingdom. Hutchins was in Vegas for Defcon, a massive four-day conference where hackers, security experts and researchers gather to share information. 

US Marshals detained Hutchins at McCarran International Airport, and he was being held at the FBI's Las Vegas field office Thursday.

The US government is accusing Hutchins of creating and distributing Kronos, a Russian banking trojan that first popped up in 2014 and stole from online banks. According to Hutchins' indictment (PDF), the researcher and an unnamed partner sold Kronos on the darknet, including on AlphaBay, the recently shuttered marketplace.

The indictment was filed July 12, nine days before Hutchins arrived in the US for Defcon. 

Investigators had been looking into Hutchins for the last two years, according to a source. His charges are related to alleged sales between July 2014 and July 2015.

The Kronos trojan could steal username and password information on banking websites and was used in Canada, Germany, Poland, France and the UK, according to the Department of Justice.

Hutchins is charged with conspiracy to commit computer fraud and abuse, distributing an electronic communication interception device, and attempting to access a computer without authorization.

Hutchins became an online hero after he discovered a kill switch built into the WannaCry ransomware. The virus, which locked up computers and demanded a $300 payment, was spreading like wildfire till Hutchins found a detail in the code that allowed him to halt future infections simply by registering a domain name.

First published Aug. 3, 12:30 p.m. PT
Update, 1:30 p.m.: Adds details from the Department of Justice.
