MalwareTech tweet

The US government has filed new charges against Marcus Hutchins, the security researcher known as MalwareTech who stopped the WannaCry ransomware outbreak last year.

According to court documents, the new charges are for allegedly creating another piece of malware and for lying to the FBI.

Hutchins accused of allegedly creating UPAS Kit malware

Hutchins had previously been accused of creating and selling the Kronos banking trojan last year. But in a superseding indictment filed today, US prosecutors claim Hutchins also coded and sold another piece of malware called the UPAS Kit.

According to US prosecutors, UPAS Kit "used a form grabber and web injects to intercept and collect personal information from a protected computer," and "allowed for the unauthorized exfiltration of information from protected computers."

The US government claims Hutchins sold this second malware strain in July 2012 to a person going by the online pseudonym of Aurora123, who later infected US users.

Hutchins accused to lying to the FBI

Furthermore, new charges accuse Hutchins of lying to the FBI agents who questioned him following his arrest last August.

The US government claims that Hutchins lied when he said he didn't recognize the code he created as being part of the Kronos malware until 2016, when he first analyzed the malware.

The FBI says that when Hutchins later admitted to creating and selling the Kronos malware to an individual named VinnyK in 2014, Hutchins indirectly admitted that he also lied in his first statement.

But it's these statements that the FBI is clinging to, which are also crucial for US prosecutors, that Hutchins' lawyers are trying to have dismissed.

Hutchins' legal team says their client was interrogated while "sleep-deprived and intoxicated," after a long week of parties at two Las Vegas security conferences, and without being informed of any charges or having been read his Miranda rights as a suspect in the US. The defendant's team argues that under these circumstances the evidence should be considered inadmissible.

Expert poke holes in the new charges

Legal expert and independent journalist Marcy Wheeler claims all of today's new charges are a last-ditch attempt to prolong the Hutchins case, which many legal experts see heading towards a dismissal.

"The false statements charge is the best of all, because for it to be true a Nevada prosecutor would have to be named as Hutchins’ co-conspirator, because his representations in court last summer directly contradict the claims in this new indictment," Wheeler points out in an analysis of the superseding indictment.

Furthermore, Wheeler also highlights that the new charge of creating the UPAS Kit refers to alleged criminal acts that have taken place while Hutchins was a minor, and outside the standard five-year statute of limitations. Therefore, the prosecution shouldn't be able to charge him in the first place for two very different reasons.

"[Marcia Hofmann] and I are disappointed the government has filed this superseding indictment, which is meritless," Brian Klein, one of Hutchins' lawyers said on social media today.

"It only serves to highlight the prosecution’s serious flaws. We expect [Hutchins] to be vindicated and then he can return to keeping us all safe from malicious software," Klein added.

Hutchins pleaded not guilty last year. On social media, Hutchins joked about the new charges and asked his followers for donations for the mounting legal fees.