![](\"https:\/\/video-images.vice.com\/articles\/598372d93889ba4c718755d9\/lede\/1501787259824-GettyImages-619466056.jpeg\"\/)
<\/p>\n<\/p>\n
Credit to Author: Joseph Cox| Date: Thu, 03 Aug 2017 19:07:54 +0000<\/strong><\/p>\n On Thursday, Motherboard reported<\/a> that Marcus Hutchins, a security researcher known for helping to stop the spread of the WannaCry ransomware, was arrested in Las Vegas. <\/p>\n Now, US prosecutors claim the researcher helped create and distribute the Kronos banking trojan between July 2014 and July 2015.<\/p>\n “Defendant MARCUS HUTCHINS created the Kronos malware,” the indictment, embedded below, claims<\/a>.<\/p>\n The indictment includes information on, but does not name, a second defendant. The conspiracy allegedly included advertising Kronos on internet forums and selling the malware itself. <\/p>\n The indictment includes a list of specific instances where the second defendant allegedly sold and advertised the Kronos malware, including on the recently defunct AlphaBay<\/a> dark web marketplace.<\/p>\n Got a tip? You can contact this reporter securely on Signal at +44 20 8133 5190, OTR chat at jfcox@jabber.ccc.de, or email joseph.cox@vice.com<\/i> <\/b> <\/p>\n The indictment claims an “overt act” taken by the suspects was the use of a video explaining how Kronos works. This video was posted on YouTube on July 13, 2014, the date listed in the indictment (the video has since been removed from YouTube.)<\/p>\n The malware was designed to steal banking credentials, by directing targets to fake, malicious banking websites. According to Threat Post<\/i><\/a>, Kronos was advertised on forums for $7,000.<\/p>\n “You need just a domain or a payment including the domain fee. You’ll have full access to the C&C, without any limits or restrictions during test mode,” a translated version of a Russian language post<\/a> advertising the malware reads.<\/p>\n