Marcus Hutchins, the British malware analyst who helped stop global Wannacry menace, is now facing four new charges related to malware he allegedly created and promoted it online to steal financial information.
Hutchins, the 24-year-old better known as MalwareTech, was arrested by the FBI
last year as he was headed home to England from the DefCon conference
in Las Vegas for his alleged role in creating and distributing Kronos
between 2014 and 2015.
Kronos is a Banking Trojan designed to steal banking credentials and
personal information from victims' computers, which was sold for $7,000
on Russian online forums, and the FBI accused Hutchins of writing and
promoting it online, including via YouTube.
Hutchins pleaded not guilty at a court hearing in August 2017 in Milwaukee and release on $30,000 bail.
However, a revised superseding indictment
was filed with the Wisconsin Eastern District Court, under which
Hutchins faces four new charges along with the six prior counts filed
against him by the FBI a month before his arrest.
Marcus Accused of Creating and Selling Another Malware
According to the new indictment, Hutchins created a second piece of malware, known as "UPAS Kit," and also lied to the Federal Bureau of Investigations (FBI) when he was arrested and questioned last year in Las Vegas.
As described by prosecutors, UPAS Kit is Spybot virus that "allowed for
the unauthorized exfiltration of information from protected computers"
and "used a form grabber and web injects to intercept and collect
personal information," including credit card details.
UPAS Kit advertised to "install silently and not alert antivirus engines," for prices ranged above $1,000 back in 2012.
According to the indictment, Hutchins created UPAS Kit in 2012, when he
was just 18, and sold it online to another unnamed co-defendant
identified as "VinnyK" (aka Aurora123), who was also involved in
promoting Kronos.
VinnyK then sold UPAS Kit to another person in Wisconsin in 2012, who
allegedly used the malware to attack computers in the United States.
Two other charges relate to Hutchins "aiding and abetting" the
distribution of invasive code in an attempt to damage "10 or more
protected computers," and helping others to hack computers for financial
gain.
Marcus Appealed to his Followers for Donations to Cover Legal Costs
As the news on the revised indictment broke, Hutchins, who has
repeatedly denied any illegal activity, called the charges "bullshit"
and appealed to his Twitter followers for donations to cover legal
costs.
"Spend months and $100k+ fighting this case, then they go and reset the
clock by adding even more bullshit charges like 'lying to the FBI,'"
Hutchins wrote on his Twitter, calling for donations by adding a quote from Starcraft video game: "We require more minerals."
Hutchins' lawyer Brian Klein called the charges "meritless" and said he expects his client to be cleared of all charges.
"[We] are disappointed the govt has filed this superseding indictment,
which is meritless," Klein tweeted. "It only serves to highlight the
prosecution's serious flaws. We expect [Hutchins] to be vindicated and
then he can return to keeping us all safe from malicious software."
Hutchins, who is living in Los Angeles on bail, is unable to leave the
United States since last year due to his pending criminal charges.
Hutchins stormed to fame and hailed as a hero earlier last year when he accidentally stopped a global epidemic of the WannaCry ransomware attack that crippled computers all across the world.