Briton who discovered the WannaCry kill-switch arrested over Kronos malware

A security researcher, Marcus Hutchins, 22, a British national who in May stopped an outbreak of the WannaCry ransomware has been arrested and detained after attending the Def Con conference in Las Vegas.

A Justice Department spokesperson has confirmed on the phone that his arrest is in relation to his alleged role “in creating and distributing the Kronos banking Trojan.”

“The charges against Hutchins, and for which he was arrested, relate to alleged conduct that occurred between in or around July 2014 and July 2015,” said the spokesperson.

The indictment was dated July 11, about two weeks before he flew to the US to attend the annual security conference.

The Justice Department has been after those involved with the notorious Kronos malware for more than two years. The indictment accuses another unnamed defendant in the case of advertising and selling the malware on the now-defunct dark web marketplace AlphaBay. Its founder and operator, Alexandre Cazes, was found dead last month.

The Kronos malware can steal credentials, and uses web injections for every major browser to modify legitimate banking websites. Kronos is able to evade some antivirus detection and sandbox environments.

A friend told ZDNet that he was “was pulled by Marshals at the lounge” after clearing security.