DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

British Malware Researcher Charged with Allegedly Creating the Kronos Banking Trojan

Posted on August 4, 2017 by Dissent

So yesterday afternoon, Twitter exploded as word spread that Marcus Hutchins, aka @MalwareTechBlog, had been arrested as he attempted to board a flight back to the U.K. Hutchins, who became an “accidental hero” in stopping the spread of WannaCry, was accused of creating and conspiring with another unnamed defendant in the matter of the Kronos banking trojan.

Later yesterday, the DOJ released this press release:

Gregory J. Haanstad, United States Attorney for the Eastern District of Wisconsin, announced that on July 11, 2017, following a two-year long investigation, a federal grand jury returned a six-count indictment against Marcus Hutchins, also known as “Malwaretech,” for his role in creating and distributing the Kronos banking Trojan. Hutchins, a citizen and resident of the United Kingdom, was arrested in the United States on August 2, 2017, in Las Vegas, Nevada.

In the indictment, Hutchins was charged with one count of conspiracy to commit computer fraud and abuse, three counts of distributing and advertising an electronic communication interception device, one count of endeavoring to intercept electronic communications, and one count of attempting to access a computer without authorization. The alleged conduct for which Hutchins was arrested occurred between in or around July 2014 and July 2015.

Publically available information for the Kronos banking Trojan indicates that it was first made available through certain internet forums in early 2014, and marketed and distributed through AlphaBay, a hidden service on the Tor network. On July 20, 2017, the Department of Justice announced that the Alphabay marketplace was shuttered through an international law enforcement effort led by the United States. See www.justice.gov/opa/pr/alphabay-largest-online-dark-market-shut-down

According to the indictment, the Kronos banking Trojan was designed to harvest and transfer the username and password associated with banking websites as they are entered on an infected computer to a control panel hosted on another computer inaccessible to the victim. According to publically available information, since it was created, Kronos has been configured to exfiltrate user credentials associated with banking systems located in Canada, Germany, Poland, France, and the United Kingdom, among others countries.

Kronos presents an ongoing threat to privacy and security, as the Kelihos botnet was observed loading Kronos on computers through email phishing campaign in late 2016. On April 10, 2017, the Department of Justice announced its efforts to dismantle the Kelihos botnet.

See www.justice.gov/opa/pr/russian-national-indicted-multiple-offenses-connection-kelihos-botnet and www.justice.gov/opa/press-release/file/956506/download

“Cybercrime remains a top priority for the FBI,” said Special Agent in Charge (SAC) Justin Tolomeo. “Cybercriminals cost our economy billions in loses each year. The FBI will continue to work with our partners, both domestic and international, to bring offenders to justice.”

This case was investigated by the Federal Bureau of Investigation Cyber Crime Task in Milwaukee. The case is being prosecuted by Assistant United States Attorneys Michael J. Chmelar and Benjamin W. Proctor.

The public is reminded that an indictment contains only charges and is not evidence of guilt. The defendant is presumed innocent and is entitled to a fair trial at which the government has the burden of proving guilt beyond a reasonable doubt.

Law professor Orin Kerr took a closer look at the charges in the indictment and offered some preliminary thoughts on the government’s case.

 

No related posts.

Category: Financial SectorMalwareOf Note

Post navigation

← Protenus Mid-Year Breach Barometer report on health data breaches is out
Not exactly the best-laid plan…. →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Integrated Oncology Network victim of phishing attack; multiple locations affected (2)
  • HHS’ Office for Civil Rights Settles HIPAA Privacy and Security Rule Investigation with Deer Oaks Behavioral Health for $225k and a Corrective Action Plan
  • HB1127 Explained: North Dakota’s New InfoSec Requirements for Financial Corporations
  • Credit reports among personal data of 190,000 breached, put for sale on Dark Web; IT vendor fined
  • Five youths arrested on suspicion of phishing
  • Russia Jailed Hacker Who Worked for Ukrainian Intelligence to Launch Cyberattacks on Critical Infrastructure
  • Kentfield Hospital victim of cyberattack by World Leaks, patient data involved
  • India’s Max Financial says hacker accessed customer data from its insurance unit
  • Brazil’s central bank service provider hacked, $140M stolen
  • Iranian and Pro-Regime Cyberattacks Against Americans (2011-Present)

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • On July 7, Gemini AI will access your WhatsApp and more. Learn how to disable it on Android.
  • German court awards Facebook user €5,000 for data protection violations
  • Record-Breaking $1.55M CCPA Settlement Against Health Information Website Publisher
  • Ninth Circuit Reviews Website Tracking Class Actions and the Reach of California’s Privacy Law
  • US healthcare offshoring: Navigating patient data privacy laws and regulations
  • Data breach reveals Catwatchful ‘stalkerware’ is spying on thousands of phones
  • Google Trackers: What You Can Actually Escape And What You Can’t

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.