Marcus Hutchins, the famous WannaCry hero that was nabbed last year is now facing more judicial action.
Known by his handle name @MalwareTechBlog, Marcus Hutchins instantly became the WannaCry hero after ‘accidentally’ discovering and creating the alleged kill switch that stopped the dreaded ransomware attack.
However, the independent security analyst was nabbed by FBI agents August last year at the Las Vegas McCarran International Airport after attending the Black Hat and Def Con event for his supposed involvement with the distribution of the banking trojan Kronos. Now, nearly a year after his arrest, Hutchins is reportedly facing four new charges filed against him by prosecutors.
The new charges, which were introduced in a superseding indictment, were added on top of the first six charges that were filed against Hutchins by the federal government. The four charges pressed against the British-born security researcher include conspiracy to defraud the U.S., lying to the FBI, computer fraud, and the distribution, possession, and advertisement of an intercept device.
According to prosecutors, Hutchins was responsible for developing and distributing a piece of malware dubbed as UPAS Kit. The latter reportedly “used a form grabber and web injects to intercept and collect personal information from a protected computer.” Furthermore, the UPAS Kit also allows “unauthorized exfiltration of information from protected computers.”
The government claims that Hutchins had made the malware back in 2012 when he was just 18 years old. He then started selling it online together with another person only identified as ‘VinnyK.’ The tool was marketed for its capability to be installed silently without alerting any antivirus engines. The government said that Hutchins then sold the UPAS Kit to an individual known as Aurora123 who eventually used it to attack people in the United States.
Hutchins’ legal representatives had tried to get the researcher’s initial statements to be dismissed, citing that he was not fully aware of his right and that he was sleep-deprived and intoxicated when the authorities questioned him.
“We expect @MalwareTechBlog to be vindicated and then he can return to keeping us all safe from malicious software,” Brian Kelin, Hutchins’ legal counsel, tweeted.
Hutchins has already pleaded not guilty to the charges initially filed against him. He said in a tweet last year that it cost him over $100,000 USD to fight and has already solicited donations from his friends for his legal funds.