The FBI has arrested the Briton Marcus Hutchins, known as a security researcher under the name Malware Tech. The discoverer of the WannaCry kill switch is said to have developed his own malware for the theft of bank data. Hutchins is accused of having been involved in the development and distribution of the malicious software “Kronos” over three years ago.
The ransomware was intended to access login data for online banking. The court filing published late on Thursday also lists an accomplice, whose name, however, is redacted throughout. Hutchins was arrested on Wednesday on the sidelines of the IT security conferences Def Con and Black Hat in Las Vegas, which are attended by many hackers.
Hutchins was on his way back from the hacker conference Def Con in Las Vegas and was arrested at the airport. The FBI accuses him of having advertised and sold the Kronos malware on the darknet in 2014. According to Motherboard, a video in which Hutchins explains how Kronos works also serves as proof of his involvement in the development or spread of the malware.
When the crypto-trojan WannaCry paralyzed computer systems around the world in May, the 22-year-old Hutchins managed to stop the malware from spreading: he discovered a kill switch in the malicious software, registered the corresponding domain and thereby halted its further spread. This made him the hero of the hour among security researchers. Without him, the global damage caused by WannaCry, which crippled computers in hospitals as well as at Deutsche Bahn, would probably have been even greater.
“WannaCry” attacked 300,000 computers
He sent the last tweets from his account “@MalwareBytes” from the airport; after that there was radio silence. Hutchins works in the UK for the IT security company Kryptos Logic.
During the explosive global spread of the extortion software “WannaCry” in mid-May, Hutchins was the first to discover a kind of “off switch” in the software. It was a lucky coincidence, as he himself later admitted.
As long as a particular domain was not active on the network, the program encrypted the computer. But “WannaCry” was also programmed to leave the computer alone when the domain responded.
Hutchins registered the domain name, and this step choked off the attack. “So I can add to my CV: ‘I accidentally stopped an international cyber attack,’” he wrote on Twitter.
In May, the trojan infected 300,000 computers in 150 countries, encrypted the data on them and demanded ransom.
Kronos is malware used specifically to steal bank data from users by routing them to counterfeit bank websites. On forums, the software was traded for 7000 dollars. The phishing tool has existed since 2014. The community of security researchers, however, stands behind Malware Tech. As TechCrunch reports, many questions about the link between Hutchins and Kronos remain open. Whether he will be proven innocent, or whether the hero of the dark hour of WannaCry will be brought down by criminal activities, is now for the courts to clarify.