MalwareTech, the security researcher who stopped the WannaCry ransomware, was arrested in Las Vegas on charges relating to the creation of the Kronos banking trojan together with another person.
The arrest - originally reported by Motherboard - took place on August 2, following the DEF CON security conference.
According to the official announcement, authorities arrested MalwareTech (his real name is Marcus Hutchins, 23 years old, from the United Kingdom) for creating and updating Kronos, a well-known banking trojan that uses a technique called web injects to insert fake login pages into online banking portals in different browsers.
Kronos first appeared in July 2014 and was last seen active in June 2016. In July 2014, Kronos was available for sale on a large Russian underground forum at a price of $7,000.
The official indictment accuses MalwareTech of creating and updating the Kronos trojan, while his accomplice, so far unnamed, published the malware on a hacking forum (for $3,000) and on AlphaBay (for $2,000).
US officials seized the servers of the AlphaBay dark web market on July 4, 2017. The indictment was filed on July 11, 2017.
According to the indictment, the two partners made at least one successful sale of Kronos on AlphaBay, which in turn indicates that US authorities likely used the data seized from AlphaBay to verify and confirm the purchase.
In May 2017, MalwareTech became world-renowned when he stopped the spread of the WannaCry ransomware.
MalwareTech's arrest surprised the security community, as his fellow security researchers found it hard to believe the accusations. Many believe that MalwareTech was set up or that investigators may have made errors in their investigation [1, 2, 3, 4].
At the time of his arrest, MalwareTech was an employee of the Kryptos Logic encryption company.