The security researcher who shut down the rampant spread of the WannaCry ransomware in May was arrested Wednesday for allegedly creating a virus of his own.
Marcus Hutchins, better known as MalwareTech, was arrested in Las Vegas as he was about to board a flight back home to the United Kingdom. Hutchins was in Vegas for, a massive four-day conference where hackers, security experts and researchers gather to share information.
US Marshals detained Hutchins at McCarran International Airport, and he was being held at the FBI's Las Vegas field office Thursday.
The US government is accusing Hutchins of creating and distributing Kronos, a Russian banking trojan that first popped up in 2014 and stole from online banks. According to Hutchins' indictment (PDF), the researcher and an unnamed partner sold Kronos on the darknet, including on AlphaBay, .
The indictment was filed July 12, nine days before Hutchins arrived in the US for Defcon.
Investigators had been looking into Hutchins for the last two years, according to a source. His charges are related to alleged sales between July 2014 and July 2015.
The Kronos trojan could steal username and password information on banking websites and was used in Canada, Germany, Poland, France and the UK, according to the Department of Justice.
Hutchins is charged with conspiracy to commit computer fraud and abuse, distributing an electronic communication interception device, and attempting to access a computer without authorization.
Hutchins became an online hero after he discovered a kill switch built into the WannaCry ransomware. The virus, which, was spreading like wildfire till Hutchins found a detail in the code that allowed him .
First published Aug. 3, 12:30 p.m. PT
Update, 1:30 p.m.: Adds details from the Department of Justice.
CNET Magazine: Check out a sampling of the stories you'll find in CNET's newsstand edition.
It's Complicated: This is dating in the age of apps. Having fun yet? These stories get to the heart of the matter.