Researcher who neutralized WCry pleads not guilty to writing banking malware

At right, Marcus Hutchins, the British security expert accused of creating and selling malware that steals banking passwords, arrives Monday with his lawyers Marcia Hofmann, left, and Brian Klein, at the federal courthouse in Milwaukee, Wisconsin. He pleaded not guilty to the charges.
Joshua Lott/Getty Images

indictment (PDF) accuses him of developing the Kronos banking trojan. Along with an unnamed co-conspirator, Hutchins allegedly advertised the malware on the AlphaBay underground online market forum, according to the indictment. The document says the duo “sold a version of the Kronos malware in exchange for approximately $2,000 in digital currency” on June 11, 2015.

The indictment said the defendant, who goes by the online nickname of “MalwareTech,” knowingly “disseminated by electronic means an advertisement of any electronic, mechanical, or other device, knowing and having reason to know that the design of such device renders it primarily useful for the purpose of the surreptitious interception of electronic communications…” Other charges include allegations that he sold an “electronic, mechanical, or other device, in interstate and foreign commerce, knowing and having reason to know that the design of such device renders it primarily useful for the purpose of the surreptitious interception of electronic communications.”

Outside of a Milwaukee federal courtroom where Hutchins pleaded not guilty, his attorney, Marcia Hofmann, said the defendant “is going to vigorously defend himself against these charges and when the evidence comes to light we are confident he will be fully vindicated.”

IBM security researchers have reported that the malware was being advertised in Russian underground forums with a price of $7,000. It was billed as a method for criminals to extract passwords and other financial credentials transmitted in major browsers. The ads also claimed Kronos could evade antivirus detection and protection from browser security sandboxes.

In May, Ars published Hutchins’ account of how he stopped the WCry ransomware. You can read that here.

Hutchins, who works for Kryptos Logic of Los Angeles, is going to live in Los Angeles while awaiting an undetermined trial date. He will be tracked by a GPS monitoring device. He has been ordered not to touch the WCry sinkhole, presumably because if it’s shut off it could possibly make the ransomware start spreading again.
