Marcus Hutchins, the hero who helped stop the infamous WannaCry malware attack earlier this year, is now suspected to be the creator of “Kronos,” a trojan that targets banking institutions.
The British security expert had become famous after stopping the massive WannaCry malware attack that hit the world in May.
As the attacks commenced on a global scale, Hutchins was able to find and activate the kill switch that brought the attack to an end.
Accidental Hero of WannaCry Attacks
The WannaCry attack wreaked havoc on hundreds of major institutions all over the world.
The kill switch was put in the malware by its creator so that they’d be able to shut it down whenever required.
It consisted of a long domain name to which the malware had to make a request.
Similar to how websites work, if the request came back showing the domain was live, the kill switch was activated and the malware shut down.
Hutchins was the first one to notice that the domain name was unregistered and, therefore, bought it.
By registering it, he was able to stop the malware from spreading.
Although he didn’t completely understand the significance of registering the domain name initially, it ended up stopping the attacks.
During the initial period, Hutchins was not willing to reveal his hand in taking down the attack.
He used an alias to communicate, but people eventually discovered his identity and his face was then featured on the front pages of major newspapers.
Many affectionately gave him the title of “accidental hero” and he slowly gained loyal supporters for his deeds.
The news about Hutchins having a hand in the creation of Kronos has come as a shock to many of his supporters, but most of them believe that Hutchins is not guilty.
Some of his supporters have even started raising money for his bond.
His lawyer stated that Hutchins dedicated his life to researching malware to help people and not attack them.
WannaCry Hero Accused of Creating Kronos
Prosecutor Dan Cowhig claims to have been told by Hutchins that he in fact created the Kronos banking malware.
And although Hutchins is believed to have admitted his involvement in creating the banking malware to authorities, his lawyer stated that he plans to plead not guilty.
Hutchins is currently facing six counts of hacking-related charges due to his involvement in creating, maintaining and spreading the banking trojan.
According to a ruling made by the judge, the bail has been set at $30,000.
The judge said that Hutchins was neither a danger to the community nor a flight risk; therefore, he has the right to bail.
However, he has been instructed to remain in the United States and allow GPS surveillance for the time being.
If he is found guilty, he could be facing up to 40 years in prison.
Cowhig, however, wasn’t happy with the judge setting bail and stated that Hutchins must not be freed as he is a danger to the public at large.
Hutchins was caught after a sting operation wherein undercover officers sought a transaction for the code.
While the authorities managed to arrest Hutchins, his partner was nowhere to be found.
Cowhig stated that he has in his possession evidence of conversations that took place between Hutchins and the co-defendant.
The co-defendant is believed to have been the one who advertised the Kronos banking malware on darknet marketplaces such as AlphaBay (before it was seized by the federal government), where the code was sold for over $7,000.
The sale took nearly two months to go through, but it’s currently uncertain if the final transaction occurred through AlphaBay or through some other site.
What is Kronos?
The Kronos banking trojan is a malware program designed to steal credentials and personal data from infected systems.
The data obtained could then be used to access victims’ banking accounts.
What makes the Kronos banking malware unique is that it can supposedly evade the anti-virus software currently available, and it can run perfectly fine with the latest versions of internet browsers such as Firefox and Chrome.
It can also alter forms on the pages of banking websites and even obtain PIN codes.
Though it first surfaced in 2014, it only recently came to light again in 2016 when a security company found out that the malware was spread through email attachments to business organizations.