Marcus Hutchins, the security researcher credited for blunting the effect of the WannaCry ransomware attack in May this year, has been arrested in the United States.
Briton Hutchins - who goes under the name Malwaretech - and an unnamed individual were arrested in Las Vegas ahead of this week's Black Hat and DefCon security conferences.
Hutchins is said to have written Kronos, while the unnamed defendant sold the malware on the Alphabay dark web market and Russian internet forums for an asking price of US$2000 to US$3000.
Kronos is a credentials-stealing malware that attempts to exfiltrate victims' bank account details to the attackers that control it.
The unnamed defendant is said to have demonstrated Kronos in a YouTube video as part of his marketing effort for the malware. It was available until recently but has now been taken down by YouTube.
Another YouTube video purporting to show how to set up Kronos for a banking botnet remains available.
Hutchins rose to fame in May after he registered a domain that deactivated dissemination of WannaCry.
He was widely lauded for his quick thinking, and received a US$13,000 bug bounty for his efforts.
WannaCry ransom money on the move
Separately, the ransom collected by the WannaCry attackers has been moved out of the Bitcoin digital wallets it was being stored in.
The Actual Ransom twitter bot tweeted that three wallets had been emptied of a total of US$140,000 (A$176,200) in Bitcoin.
It's not clear at this stage what the final destination for the WannaCry ransom is, or who it is trying to cash out the payments.