Marcus Hutchins, a British programmer also known as the WannaCry hero, was arrested in Las Vegas, USA, and accused of creating and distributing the Kronos banking Trojan.
Hutchins, who is known online as MalwareTech, visited Las Vegas just before the beginning of the Black Hat and DEF CON conferences.
According to the indictment, Hutchins and another individual (whose identity has not been revealed to the public) are accused of violating the Computer Fraud and Abuse Act. The defendants are charged with the creation and distribution of the Kronos malware.
It was stated that Hutchins created the virus in July 2014 and that the other individual published a video of it on a public website. The video has since been removed.
The pair are also alleged to have advertised the Trojan in order to sell it. The malware was offered for sale on internet forums and on the AlphaBay online market (recently taken down) for $3,000 in August 2014. The indictment alleges that the pair modified the malware in February 2015 and put it on the AlphaBay market in April of the same year. Furthermore, the second individual allegedly sold the Trojan for $2,000 (in cryptocurrency) in June. In addition, the unnamed defendant started offering encryption services that are capable of hiding viruses.
The Kronos malware is a typical banking Trojan that focuses on stealing consumers' credentials. The Trojan uses web injects that imitate banking and/or financial portals in the major browsers. Users are tricked with a fraudulent login page that asks the victim for personal information such as passwords, ATM PINs and security question information.
According to Security Intelligence, Kronos ran as a Ring3 rootkit and was capable of concealing itself from other banking malware that might attack the same victim. Some banking Trojans attempt to get rid of competing malware.
Hutchins works for Kryptos Logic, an American security company. As stated earlier, Hutchins was hailed as a hero for his work during the worldwide WannaCry malware outbreak. His analysis revealed the now well-known hardcoded killswitch domain that the virus beaconed out to. As a result, Hutchins's fast reaction in securing the domain for about $10 very likely saved the US from serious consequences of the WannaCry hack.
However, the WannaCry malware was still distributed and infected over 200,000 computers in 150 countries. WannaCry attacked hospitals and telecommunication companies across all of Europe and the UK, as well as other major manufacturers and businesses. The virus has not been investigated enough to explain why the killswitch domain was included, so the reason still remains unknown.