In a surprising turn of events, the FBI have arrested Marcus Hutchins, the WannaCry kill switch creator, in Las Vegas for allegedly creating and distributing the Kronos malware to steal banking logins from victims’ computers.
Hutchins, from Ilfracombe in Devon, who goes by the name of Malware Tech, became well-known earlier this year when he managed to find a kill switch to the WannaCry cyberattack that targeted countries such as the U.K., the U.S., Russia, Spain, France and Taiwan after a flaw was exploited in Microsoft Windows.
The flaw, known as EternalBlue, was a leaked National Security Agency (NSA) tool that hacker group Shadow Brokers had dumped online earlier this year. While a patch for it had been released by Windows, organizations running on older versions of Windows such as XP were failing to install the patch, leaving them vulnerable.
The cyberattack, which started in London, saw the U.K.’s National Health Service (NHS) affected by the ransomware. In England, 47 NHS trusts had issues while 13 NHS organizations in Scotland were also targeted.
However, 23-year-old Hutchins discovered a kill switch for the malware after he registered a domain name used by the malware to prevent it spreading. Labelled a hero, it was reported that the cyber expert was working with the U.K.’s Government Communication Headquarters (GCHQ), a British intelligence and security organization, to prevent another cyberattack.
Banking Malware
Now, though, in a new turn of events, Hutchins was arrested at Las Vegas airport on his return to the U.K. after attending the Def Con and Black Hat events by the FBI.
According to a statement from the U.S. Department of Justice (DoJ), it said:
Marcus Hutchins … a citizen and resident of the United Kingdom, was arrested in the United States on 2 August, 2017, in Las Vegas, Nevada, after a grand jury in the Eastern District of Wisconsin returned a six-count indictment against Hutchins for his role in creating and distributing the Kronos banking Trojan.
The indictment focuses on his involvement of the creation of Kronos and the alleged advertising and selling of it on Internet forums such as the now-defunct dark web market AlphaBay, from July 2014 to July 2015.
The indictment, which was dated 12 July, also lists a second name; however, that has yet to be made public.
What is Kronos?
Kronos, which is a type of malware known as a Trojan, made its first appearance in July 2014 when it was advertised on a Russian underground forum for $7,000. Designed to disguise itself as legitimate software, Kronos was marketed as a way for hackers to steal bank login details.
According to the DoJ, Kronos has been ‘configured to exfiltrate user credentials associated with banking systems located in Canada, Germany, Poland, France, and the United Kingdom, among others countries.’
Hi! I am a robot. I just upvoted you! I found similar content that readers might be interested in:
http://sigbanc.com/MarketInsight/NewsDetails/35028
Downvoting a post can decrease pending rewards and make it less visible. Common reasons:
Submit
Classic NSA messing everything up. we couldn't possibly just live super long peaceful lives that would be un-american
Downvoting a post can decrease pending rewards and make it less visible. Common reasons:
Submit
Congratulations @prophetgamer! You received a personal award!
You can view your badges on your Steem Board and compare to others on the Steem Ranking
Vote for @Steemitboard as a witness to get one more award and increased upvotes!
Downvoting a post can decrease pending rewards and make it less visible. Common reasons:
Submit