THE BRIT SECURITY EXPERT who brought May's WannaCry ransomware outbreak to a halt has pleaded not guilty in a US court to charges of writing and distributing the Kronos banking Trojan.
Marcus Hutchins appeared in front of a "packed courtroom" in Milwaukee, Wisconsin on Monday, Motherboard reports, where he pleaded not guility to six charges related to the alleged creation and distribution of the banking malware.
Hutchins is now out on bail awaiting trial. Under his bail conditions, he will not be allowed to leave the US. He will also have to wear a GPS tag and, as a non-US national, won't be allowed to work, and will therefore be reliant on family and charity to sustain himself.
He has been allowed back online, and is basing himself in Los Angeles, home of his employer Kryptos Logic, where he hopes to continue working as a security researcher.
Hutchins, better known as 'MalwareTechBlog', was arrested by the FBI on 2 August as he sought to board a plane home from Def Con.
Under questioning following his arrest, but without a lawyer present, Hutchins reportedly admitted to writing the malware in question. However, malware is not typically built in its entirety from the ground-up and what parts of the malware Hutchins is alleged to have been responsible for remains unclear, despite the publication of the indictment against him.
Old Internet Relay Chat (IRC) logs from around five years ago - when Hutchins would have been 18 - paint a picture of a black hat hacker dabbling in malware, although the links are far from conclusive.
The Kronos banking Trojan that Hutchins is accused of writing code for is similar to the Zeus banking malware, from which it borrows heavily. Indeed, in Greek mythology Kronos is the father of Zeus.
Access to Kronos for campaigns was sold for $7,000 a time, with the malware focused on stealing banking login credentials from compromised machines. The form-grabbing and HTML content injection element of Kronos was spread via phishing emails.
Kronos also offered modules for evading detection and analysis - and buyers were even given an option to try it for a week first for $1,000.
IBM-owned Trusteer reported on the Kronos malware in August 2014, based on the seller's description when it was offered for sale on 'dark web' forums - exactly the same time that Hutchins is alleged to have offered it for sale on 'dark web' forums. µ
One step ahead again
Gets moved to add-on store
Inspired a generation to make science from bobbins (sometimes literally)
Are advertised to go undetected by body orifice security scanners in prisons