WannaCry kill switch founder detained on suspicions he might be the creator of Kronos Banking Trojan

A hero or a crook? MalwareTech impact on WannaCry attacks

MalwareTech behind Kronos Banking Trojan

Before hitting the headlines as the suspected developer and distributor of Kronos Banking Trojan, Marcus Hutchins, better known by his screen name MalwareTech, became famous overnight after discovering a kill switch which helped immobilize the infamous WannaCry virus [1].

This threat is responsible for the biggest ransomware attack cyber community has ever seen. Before they were stopped by MalwareTech, cybercriminals managed to infiltrate major organizations, businesses, paralyze traffic systems, telecommunication and healthcare services.

Victims have paid between $300 to $600 for the decryption of a single PC. While the precise WCry’s profit is unknown, according to the recent reports, extortionists have already cashed out 143 thousand dollars from the Bitcoin wallets linked to the ransomware campaign [2].

Playing on both sides

He may have stopped the most vicious ransomware virus of all time, but Hutchins good deeds were not taken into account when the FBI arrested him on hacking changes at the beginning of August. The UK citizen is currently being prosecuted for his involvement in the development and distribution of Kronos Banking Trojan between 2014-2015 [3].

In fact, some believe that MalwareTech may potentially be related to WannaCry campaign himself as the news about his detainment and the emptying of WCry’s Bitcoin wallet accounts came out at the same time.

While such information has not been confirmed, it is best to focus on what we already know.

It appears that Hutchins was the one to unleash the infamous Kronos Banking Trojan to the web and later offer it on the dark market for $7,000.

Facts about Kronos Trojan:

  • The malware proliferated via spam emails and their attachments. Users would get automatically infected after downloading and opening the compromised Word document.
  • The virus would settle inside the system and start operating on it as a background process, collecting banking passwords, logins and other sensitive information it could gather.
  • Stolen information would then be stored on remote servers, used to break into the victims’ bank accounts or sold on the dark web.

Kronos Trojan is currently no longer active, but its versions and other counterparts like Zeus are still swarming the web. Be careful not to get infected with one! Obtain a reputable malware detection tool, regularly update your software and enable automatic system updates.

About the author
Gabriel E. Hall
Gabriel E. Hall - Passionate web researcher

Gabriel E. Hall is a passionate malware researcher who has been working for 2-spyware for almost a decade.

Contact Gabriel E. Hall
About the company Esolutions