Richard C Honour, 31, faces a maximum five years in prison and a US$250,000 fine after admitting releasing the malware.
The Trojan affected users of the DarkMyst IRC chatroom, which is popular with online gamers.
Using the name 'Fyle/Anatoly', Honour sent messages to other IRC users claiming to contain links to online movies.
However, users who clicked on the links were infected with a Trojan that opened a backdoor on their PCs, allowing the hacker to spy on his victims, steal banking details and commit identity theft.
Honour was arrested at his home in Kenmore, Washington following an FBI investigation that found stolen information from victims' computers and evidence that he had written the malicious code.
"The rise of the Trojan has been one of the key developments in cyber-crime in recent years as hackers increasingly use them to steal information and money from unsuspecting internet users," said Graham Cluley, senior technology consultant at Sophos.
"Everyone should be on their guard against this type of attack, and the authorities should be congratulated for bringing complicated cases such as this to a successful resolution."
Honour will be sentenced on 4 May in St Louis, Missouri.
Digital As Usual Cybersecurity Roadshow: Brisbane edition
iTnews Benchmark Security Awards 2025
Digital Leadership Day Federal
Government Cyber Security Showcase Federal
Government Innovation Showcase Federal
.jpg&h=140&w=231&c=1&s=0)
.jpg&h=140&w=231&c=1&s=0)
