Researcher who blunted WannaCry faces further charges

The legal troubles for Marcus "Malwaretech" Hutchins are continuing, with United States federal prosecutors adding new charges against the British security researcher.

Hutchins is credited with having slowed down the large global WannaCry/WannaCrypt ransomware attack last year, but was nevertheless arrested by US police in August 2017 while on his way to the Black Hat security conference in Las Vegas.

The 24-year-old, who goes under the moniker Malwaretech, was accused by US authorities of having created and sold the infamous Kronos banking malware between 2014 and 2015.

He has denied the charges and fought the case since his arrest, with no trial date set as of yet.

Now, a US federal grand jury issued a superseding indictment against Hutchins with four further charges, taking the total number of allegations to ten.

Hutchins is now accused of creating the Upas Kit (also known as Rombrast) as well as Kronos, and distributing it between 2012 and 2015.

Court documents obtained by USA Today describe the Upas Kit as as an information stealer that uses a form grabber and web injections to intercept and exifltrate sensitive personal information from victims' computers.

Prosecutors allege that Hutchins provided the Upas Kit to an unnamed person who used the handles Vinny, VinnyK, Gone with the Wind, Cocaine, Jack of All Trades and Aurora123.

Aurora123 is alleged to have sold and distributed the Upas Kit to a person located in Wisconsin for US$1500 in digital currency.

Under the monikers Vinny and VinnyK, the person is alleged to have marketed the Kronos banking malware Hutchins is accused of creating in 2014 in the Darkode and exploit.in forums, earning US$3000 in one sale in the latter marketplace.

Hutchins is also alleged to have distributed Kronos to an unnamed but known Californian cyber criminal, the US authorities said.

The FBI based the new allegations on intercepted internet chat messages allegedly between Hutchins and the unnamed individuals said to have assisted him marketing, selling and distributing Kronos and the Upas Kit.

The superseding indictment charges Hutchins with:

• One count of conspiring to commit computer fraud and abuse, and intercept electronic communications.
• One count of conspiring to commit wire fraud.
• Six counts related to distributing, selling, promoting, and advertising a device used to intercept electronic communications.
• Two counts of attempting to access a computer without authorisation.
• One count of making a false statement to the FBI.

Via Twitter, Hutchins called the charges "bullshi*t" and denied lying to the FBI.

Having spent over US$100,000 on fighting his case, Hutchins is calling for donations from supporters to continue his defence.

His defence lawyers Brian Klein and Marcia Hoffman expressed disappointment with the additional charges, calling the superseding indictment "meritless".

"It [the superseding indictment] only serves to highlight the prosecution’s serious flaws. We expect @MalwareTechBlog to be vindicated and then he can return to keeping us all safe from malicious software," Klein said.