The British security researcher Marcus Hutchins was arrested by the FBI on Thursday after being indicted on charges of creating the Kronos banking malware.

The news of the Marcus Hutchins‘s arrest made the headlines, the motivation has shocked the IT sector; the British malware experts who stopped the WannaCry ransomware outbreak was arrested in Las Vegas on Wednesday on suspicion of being a malware author.

Marcus Hutchins has developed the malicious code and he updated the code in February 2015 with a co-conspirator who is accused of advertising the Kronos banking Trojan on hacker forums.

The accomplice has sold at least one copy of the malware for $2,000, the US government also claims that on June 11, 2015, Hutchins sold attack code in America.

Kronos was developed starting from the Zeus Trojan, it took its name after the father of Zeus in Greek mythology, with the intent to steal money from victim’s bank accounts.

Principal featured advertised were:

• Common credential-stealing techniques such as form grabbing and HTML injection compatible with the major browsers (Internet Explorer, Firefox and Chrome);+
• 32- and 64-bit ring3 (user-mode) rootkit capable of also “defending from other Trojans”;+
• Antivirus bypassing;+
• Malware-to-C&C communication encryption;+
• Sandbox bypassing.+

Kronos malware was offered for $7,000 and it includes numerous modules for evading detection and analysis, the seller also offered a “try and buy” server for $1,000, giving the possibility to test the malware for a week prior to buying it.

Going back in the time, experts noticed that Marcus Hutchins tweeted the following message on July 13, 2014.

https://twitter.com/MalwareTechBlog/status/488373794168254464

Pierluigi Paganini

(Security Affairs – WannaCry, Marcus Hutchins)

[adrotate banner=”13″]