WannaCry NHS cyber attack hero is accused of creating Kronos malware

by Gabriel E. Hall - -

British hero's lawyers claim that the confession was coerced 

Marcus Hutchins claims to be coerced to confess

According to US prosecutors, Marcus Hutchins, 23, has confessed developing and selling Kronos malware which is designed to steal banking credentials[1]. He was arrested at Las Vegas airport before flying home to Ilfracombe, Devon, from a hacking congress. However, M. Hutchins denies all six changers and pleads not guilty.

The lawyers of Marcus Hutchins, also known as MalwareTech, claim that he was sleep-deprived, intoxicated and coerced to confess[2]

The defence intends to argue that the government coerced Mr Hutchins, who was sleep-deprived and intoxicated, to talk.

They also added that M. Hutchins might have wrongly understood his rights if they were not clearly stated to him[3]. In other terms, he might have believed that the silence can be used against him just like in UK's legal system:

As such, his decision to speak with the agents was not knowing, intelligent, and made in full awareness of the nature of the right given up and the consequences of giving up that right, as the law requires.

Marcus Hutchins has a personal cybersecurity blog

While M. Hutchins was not well-known before, in May 2017, he has been announced as a British hero who halted WannaCry[4] attack which targeted to infiltrate NHS and spread in more than 150 countries. Likewise, he has already received approximately $14 000 from 226 people for his defence fund. 

People believe his innocence and claim that government's case is built on feeble evidence which contradicts to M. Hutchins long-term activity of exposing cybercriminals and their malicious software. However, the government says to have an informant named Randy who is expected to testify in the court[5].

Randy says he had numerous online chats with Marcus Hutchins during which he has confessed about his malicious activity. Although, the date for the trial in Wisconsin is not set yet. 

Kronos malware has both, Trojan and Rootkit features

Kronos malware had been active on July 2014-2015. Initially, it aims to steal banking logins and passwords or other valuable information. However, experts said that it is also able to stealthily infiltrate on the computer and hide its presence. Thus, many recognize it as a rootkit as well. 

However, currently, Marcus Hutchins is held on bail in Los Angeles and has denied the charges including developing and spreading Kronos banking trojan in 2014. 

About the author

Gabriel E. Hall
Gabriel E. Hall - Passionate web researcher

Gabriel E. Hall is a passionate malware researcher who has been working for 2-spyware for almost a decade.

Contact Gabriel E. Hall
About the company Esolutions

References