On Thursday, Motherboard reported that Marcus Hutchins, a security researcher known for helping to stop the spread of the WannaCry ransomware, was arrested in Las Vegas.
Now, US prosecutors claim the researcher helped create and distribute the Kronos banking trojan between July 2014 and July 2015.
"Defendant MARCUS HUTCHINS created the Kronos malware," the indictment, embedded below, claims.
The indictment includes information on, but does not name, a second defendant. The conspiracy allegedly included advertising Kronos on internet forums and selling the malware itself.
The indictment includes a list of specific instances where the second defendant allegedly sold and advertised the Kronos malware, including on the recently defunct AlphaBay dark web marketplace.
Got a tip? You can contact this reporter securely on Signal at +44 20 8133 5190, OTR chat at email@example.com, or email firstname.lastname@example.org
The indictment claims an "overt act" taken by the suspects was the use of a video explaining how Kronos works. This video was posted on YouTube on July 13, 2014, the date listed in the indictment (the video has since been removed from YouTube.)
The malware was designed to steal banking credentials, by directing targets to fake, malicious banking websites. According to Threat Post, Kronos was advertised on forums for $7,000.
"You need just a domain or a payment including the domain fee. You'll have full access to the C&C, without any limits or restrictions during test mode," a translated version of a Russian language post advertising the malware reads.
Get six of our favorite Motherboard stories every day by signing up for our newsletter.