“Hero” Who Stopped WannaCry Charged By FBI Over Banking Trojan
Marcus Hutchins, the 23-year-old British cyber security researcher who was credited with thwarting the WannaCry global cyber attack, has been arrested by the FBI over his alleged involvement in a separate piece of malicious software that targets bank accounts.
On Wednesday Hutchins, who goes by the handle MalwareTech, was in Las Vegas, where he had been attending the cyber security and hacking conferences Black Hat and DEF CON. Hutchins was about to board a plane back to the UK when he was arrested by the FBI (August 2nd).
Motherboard reported that Hutchins ‘was being held at the Henderson Detention Center in Nevada early on Thursday. A few hours after, Hutchins was moved to another facility, according to a close personal friend.’ A friend had gone to the detention centre to try to visit Hutchins but found he’d already been transferred out.
According to an indictment released by the US Department of Justice on Thursday, Hutchins is accused of helping to create, spread and maintain the banking trojan Kronos, between 2014 and 2015.
What Is Kronos?
Kronos is a form of malicious computer software, known as a banking trojan, that is designed to steal people’s financial details when they sign into online services such as internet banking. It emerged in 2014, when security researchers first spotted that it was being advertised on Russian forums for $7,000 (£5,300). The name derives from the mythical Greek titan, the father of Zeus.
The original ad seen on a Russian forum in 2014 revealed that Kronos can steal credentials from browsing sessions in Internet Explorer, Firefox and Chrome using so-called “form-grabbing” and HTML content injection techniques. Form-grabbing captures all data before it’s sent and is a more sophisticated alternative to keylogging.
The first announcement of Kronos was on exploit.im back July 1st 2014. pic.twitter.com/UglzzjTyfP
— Kevin Beaumont (@GossiTheDog) August 3, 2017
A Trojan is a form of malware that masquerades as a benign application. Its strength lies in tricking victims into downloading and running malicious code, for example via email attachments.
Trojans are often bundled with legitimate software or bookmark bars downloaded online. The original software works as it should, to avoid suspicion. Once installed, a Trojan can be used by hackers to install other malicious software, steal usernames and passwords and log keystrokes.
How Does The Kronos Malware Spread?
Kronos’ behaviour is typical of a banking Trojan. In November 2016, security researchers at Proofpoint spotted several large email campaigns sending tens of thousands of messages, targeting various industries, from universities to banks and hospitals.
These campaigns were sent globally but primarily targeted the UK and North America. The Kronos malware was sent via attachments that looked legitimate. If an email recipient