A cyber security researcher who helped to take down the WannaCry ransomware attack in May has been arrested on isolated hacking charges. Court documents unveiled on Thursday have shown that the security professional had stolen online banking credentials and credit card data for a year.
The 23-year-old British national Marcus Hutchins was incarcerated on Wednesday by the US Federal Bureau of Investigation (FBI) in Las Vegas. Hutchins was in the city for this year's Black Hat and Def Con events.
In an indictment filed in a US District Court in Wisconsin, Hutchins, who is known in the community of hackers as MalwareTech, was accused of advertising, distributing and profiting from Kronos, a malware code used in stealing online banking identifications and credit card information. The court filing said Hutchins' hacking spree transpired for a year, between July 2014 and July 2015.
Hutchins, alongside a co-defendant, whose name has not been revealed yet, is now facing six counts related to Kronos. Hutchins appeared before US Judge Nancy Koppe in Las Vegas on Thursday. According to Reuters, the defendant "showed no emotion" while Koppe presented the charges against him.
Dan Coe, a federal public attorney, told the court Hutchins had cooperated with the government prior to being charged. The hearing will commence on Friday to determine if he will be represented by a public attorney or private legal counsel.
Kronos malware is usually affixed to email attachments. Once downloaded, the device's system becomes susceptible to theft of banking and credit card information, which gives hackers access to bank accounts and draw off cash. The malware was used to snip bank account details in the UK, Germany, France, Poland and Canada, among other countries.
In May, Hutchins was celebrated as a hero in the community after pinning down the "kill switch" of WannaCry, the infamous ransom malware that brought down hundreds of thousands of computers around the world.