MalwareTech — the security researcher who stopped the WannaCry ransomware outbreak — was arrested in Las Vegas on accusations of creating the Kronos banking trojan together with another person.
The arrest — first reported by Motherboard — took place yesterday, August 2, after the DEF CON security conference.
According to an official indictment, authorities arrested MalwareTech — real name Marcus Hutchins, 23, from the UK — for creating and updating Kronos, a well-known banking trojan that uses a technique called web injects to insert fake login pages for online banking portals in various browsers.
The official indictment accuses MalwareTech of creating and updating the Kronos trojan, while his accomplice — currently unnamed — advertised the malware on hacking forums (for $3,000) and AlphaBay (for $2,000).
US officials seized the servers of the AlphaBay Dark Web marketplace on July 4, 2017. The filing date on the indictment is July 11, 2017.
According to the indictment, the two accomplices made at least one successful sale of Kronos on AlphaBay, yet again revealing that US authorities most likely used the seized AlphaBay data to verify and confirm the purchase.
In May 2017, MalwareTech became a world-famous hero when he stopped the spread of the WannaCry ransomware.
MalwareTech's arrest shocked the security community. Fellow security researchers have a hard time believing the accusations. Many believe MalwareTech was framed or that investigators might have screwed up their investigation [1, 2, 3, 4].
Kronos is a banking BOTNET. MalwareTech's business is *tracking* botnets. — Kevin Beaumont (@GossiTheDog) August 3, 2017
The possibility that somehow wires have got crossed during an LE investigation should be considered. — Kevin Beaumont (@GossiTheDog) August 3, 2017
MalwareTech's arrest also caused a ruckus in the infosec industry as friends couldn't pin down where he was detained and provide him with proper legal counsel.
At the time of his arrest, MalwareTech was an employee of Kryptos Logic, a US-based cyber-security company.