MalwareTech, the security researcher who stopped the WannaCry ransomware, was arrested in Las Vegas on charges relating to the creation of the Kronos banking trojan together with another person.
The arrest - originally reported by Motherboard - took place on August 2, following the DEF CON security conference.
According to the official announcement, authorities arrested MalwareTech (real name Marcus Hutchins, 23, from the United Kingdom) for creating and updating Kronos, a well-known banking trojan that uses a technique called web injects to insert fake login pages into online banking portals in different browsers.
Kronos first appeared in July 2014 and was last seen active in June 2016. In July 2014, Kronos was available for sale on a large Russian underground forum for $7,000.
The official indictment accuses MalwareTech of creating and updating the Kronos trojan, while his accomplice, so far unnamed, published the malicious software on a hacking forum (for $3,000) and on AlphaBay (for $2,000).
US officials seized the servers of the AlphaBay Dark Web market on July 4, 2017. The indictment was filed on July 11, 2017.
According to the indictment, the two partners made at least one successful sale of Kronos on AlphaBay, which indicates that US authorities have probably used data seized from AlphaBay to verify and confirm the purchase.
In May 2017, MalwareTech became world-renowned when he stopped the spread of the WannaCry ransomware.
The arrest of MalwareTech surprised the security community, as fellow security researchers have difficulty believing the charges. Many believe that MalwareTech was framed or that investigators may have made mistakes in their investigation [1, 2, 3, 4].
At the time of his arrest, MalwareTech was an employee of the company Kryptos Logic.