SAN FRANCISCO • A cyber security researcher widely credited with helping to neutralise the global "WannaCry" ransomware attack earlier this year has been arrested on unrelated hacking charges, according to court documents unsealed on Thursday.
Marcus Hutchins, a British-based malware researcher who gained attention for detecting a "kill switch" that effectively disabled the WannaCry worm in May, was detained by the Federal Bureau of Investigation in Las Vegas on Wednesday, a Justice Department spokesman said, days after tens of thousands of hackers descended on the city for the annual Black Hat and Def Con security conferences.
An indictment filed in a US district court in Wisconsin accused Hutchins, also known online as "MalwareTech", of advertising, distributing and profiting from malware code known as Kronos that stole online banking credentials and credit card data.
He was indicted along with an unnamed co-defendant on July 12, but the case remained under seal until Thursday, a day after his arrest.
Hutchins created the software and his accomplice offered to sell the program for US$3,000 (S$4,100) on an Internet forum, the indictment said. The accomplice sold a version of the Kronos malware for US$2,000 in June 2015.
The indictment did not include details on how widely that malware was used, or much specific evidence of Hutchins' involvement. The Justice Department said in a statement that a federal grand jury returned a six-count indictment against Hutchins last month after a two-year investigation.
Kronos malware downloaded from e-mail attachments left victims' systems vulnerable to theft of banking and credit card credentials, which could have been used to siphon money from bank accounts.
Hutchins was heralded within the cyber security community as an overnight folk hero for his apparent role in neutralising the WannaCry attack, which infected hundreds of thousands of computers and caused disruptions at car factories, hospitals, shops and schools in more than 150 countries.
A Justice Department official has said Hutchins' arrest was unrelated to WannaCry.
Kronos, according to the Justice Department's statement, has been configured to strike banking systems in a number of countries, including Canada, Germany, Poland, France and the United Kingdom.
When the malware was first advertised on underground Russian forums in 2014, the asking price of US$7,000 indicated that the selling of malware was a lucrative business.
It was promoted as a hacking tool that could retrieve data including user names and passwords, ATM PINs, and personal information useful in cracking security questions.