MalwareTech is back online, as he pleads not guilty to Kronos malware charges

Marcus Hutchins denies charges, and returns to Twitter.

Marcus Hutchins, the “accidental hero” who helped curb the spread of the WannaCry ransomware attack that struck the UK’s NHS hard in May, pleaded not guilty in a Milwaukee court yesterday to charges related to a separate piece of malware, named Kronos.

Hutchins, who goes by the moniker “MalwareTech” online, was arrested in Las Vegas earlier this month, as he attempted to return from the DEF CON hacking conference.

The 23-year-old’s arrest, and claims that he might have been involved with the creation of the Kronos banking malware, shocked the infosecurity community, many of whom have questioned whether the FBI has put a strong enough case together to pursue Hutchins, and why it does not appear to have found any US-based victims of the malware.

The part played by Hutchins’ unnamed co-defendant, from whom law enforcement allegedly purchased a copy of the Kronos banking trojan via the now-defunct dark web marketplace AlphaBay, and who appears to play a larger role in the indictment against Hutchins, also remains uncertain.

At the earlier court hearing in Las Vegas (transcript here), prosecutors said:

“In his interview following his arrest, Mr Hutchins admitted that he was the author of the code that became the Kronos malware and admitted that he had sold that code to another.”

That’s curious wording: “…admitted that he was the author of the code that became the Kronos malware”. That’s not the same as admitting being the author of the Kronos banking malware. Questions may inevitably be asked as to whether the writing of software code can be directly linked to crimes later allegedly committed with assistance from the code.

And although the authorities claim that they will present evidence of chat logs from 2014 where Hutchins allegedly discusses with his unnamed co-defendant splitting the proceeds of the “sale of the Kronos banking trojan through his associate”, we will have to see whether a clear link can be made between the security researcher and any crime.

While he awaits trial, Hutchins is required to stay in the United States and wear a GPS tracker. He has been allowed back online, and is for now basing himself in Los Angeles, home of his employer Kryptos Logic, where he hopes to continue working as a security researcher.

Get the popcorn folks, this one is going to run for a while… Either the FBI have made an enormous screw-up of their investigation of the Kronos malware, or a young man – hailed as a hero by many – made some very dumb decisions a few years ago.

For further discussion on this story, make sure to listen to this episode of the “Smashing Security” podcast:

Smashing Security #038: 'Gents! Stop airdropping your pics!'



Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "The AI Fix" and "Smashing Security" podcasts. Follow him on Bluesky and Mastodon, or drop him an email.

One comment on “MalwareTech is back online, as he pleads not guilty to Kronos malware charges”

  1. Doug Revell

    These "admissions" sound a bit like a gun manufacturer "admitting" they made and sold the mechanism of the gun that shot Kennedy – interesting, but not a crime. What, I wonder, is in it for his – unnamed and apparently unarrested – so-called co-defendant?
