DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

British Malware Researcher Charged with Allegedly Creating the Kronos Banking Trojan

Posted on August 4, 2017 by Dissent

So yesterday afternoon, Twitter exploded as word spread that Marcus Hutchins, aka @MalwareTechBlog, had been arrested as he attempted to board a flight back to the U.K. Hutchins, who became an “accidental hero” in stopping the spread of WannaCry, was accused of creating and conspiring with another unnamed defendant in the matter of the Kronos banking trojan.

Later yesterday, the DOJ released this press release:

Gregory J. Haanstad, United States Attorney for the Eastern District of Wisconsin, announced that on July 11, 2017, following a two-year long investigation, a federal grand jury returned a six-count indictment against Marcus Hutchins, also known as “Malwaretech,” for his role in creating and distributing the Kronos banking Trojan. Hutchins, a citizen and resident of the United Kingdom, was arrested in the United States on August 2, 2017, in Las Vegas, Nevada.

In the indictment, Hutchins was charged with one count of conspiracy to commit computer fraud and abuse, three counts of distributing and advertising an electronic communication interception device, one count of endeavoring to intercept electronic communications, and one count of attempting to access a computer without authorization. The alleged conduct for which Hutchins was arrested occurred between in or around July 2014 and July 2015.

Publically available information for the Kronos banking Trojan indicates that it was first made available through certain internet forums in early 2014, and marketed and distributed through AlphaBay, a hidden service on the Tor network. On July 20, 2017, the Department of Justice announced that the Alphabay marketplace was shuttered through an international law enforcement effort led by the United States. See www.justice.gov/opa/pr/alphabay-largest-online-dark-market-shut-down

According to the indictment, the Kronos banking Trojan was designed to harvest and transfer the username and password associated with banking websites as they are entered on an infected computer to a control panel hosted on another computer inaccessible to the victim. According to publically available information, since it was created, Kronos has been configured to exfiltrate user credentials associated with banking systems located in Canada, Germany, Poland, France, and the United Kingdom, among others countries.

Kronos presents an ongoing threat to privacy and security, as the Kelihos botnet was observed loading Kronos on computers through email phishing campaign in late 2016. On April 10, 2017, the Department of Justice announced its efforts to dismantle the Kelihos botnet.

See www.justice.gov/opa/pr/russian-national-indicted-multiple-offenses-connection-kelihos-botnet and www.justice.gov/opa/press-release/file/956506/download

“Cybercrime remains a top priority for the FBI,” said Special Agent in Charge (SAC) Justin Tolomeo. “Cybercriminals cost our economy billions in loses each year. The FBI will continue to work with our partners, both domestic and international, to bring offenders to justice.”

This case was investigated by the Federal Bureau of Investigation Cyber Crime Task in Milwaukee. The case is being prosecuted by Assistant United States Attorneys Michael J. Chmelar and Benjamin W. Proctor.

The public is reminded that an indictment contains only charges and is not evidence of guilt. The defendant is presumed innocent and is entitled to a fair trial at which the government has the burden of proving guilt beyond a reasonable doubt.

Law professor Orin Kerr took a closer look at the charges in the indictment and offered some preliminary thoughts on the government’s case.

 

Related posts:

  • AlphaBay and Hansa taken down in coordinated operations by FBI and Dutch National Police
  • Marcus Hutchins’ plea leaves unsettled whether writing certain types of code is illegal – Ekeland
  • Victims of W-2 phishing scams (2017 list)
  • Justice Department Announces Five Cases as Part of Recently Launched Disruptive Technology Strike Force
Category: Financial SectorMalwareOf Note

Post navigation

← Protenus Mid-Year Breach Barometer report on health data breaches is out
Not exactly the best-laid plan…. →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Alert: Scattered Spider has added North American airline and transportation organizations to their target list
  • Northern Light Health patients affected by security incident at Compumedics; 10 healthcare entities affected
  • Privacy commissioner reviewing reported Ontario Health atHome data breach
  • CMS warns Medicare providers of fraud scheme
  • Ex-student charged with wave of cyber attacks on Sydney uni
  • Detaining Hackers Before the Crime? Tamil Nadu’s Supreme Court Approves Preventive Custody for Cyber Offenders
  • Potential Cyberattack Scrambles Columbia University Computer Systems
  • 222,000 customer records allegedly from Manhattan Parking Group leaked
  • Breaches have consequences (sometimes) (1)
  • Kansas City Man Pleads Guilty for Hacking a Non-Profit

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Germany Wants Apple, Google to Remove DeepSeek From Their App Stores
  • Supreme Court upholds Texas law requiring age verification on porn sites
  • Justices nix Medicaid ‘right’ to choose doctor, defunding Planned Parenthood in South Carolina
  • European Commission publishes its plan to enable more effective law enforcement access to data
  • Sacred Secrets: The Biblical Case for Privacy and Data Protection
  • Microsoft’s Departing Privacy Chief Calls for Regulator Outreach
  • Nestle USA Settles Suit Over Job-Application Medical Questions

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.