Marcus Hutchins, the hero behind the switch of the WannaCry virus, faces new accusations regarding the separate malware that the security investigator allegedly created.
Hutchins, a British citizen, was detained in the United States since August last year, after attending various information security conferences in Las Vegas. He was arrested at the airport on his way home, and has since been charged with multiple charges of crimes related to the attack on information security and the development of the Kronos banking Trojan in 2014. He denies any accusation.
According to a new lawsuit, presented to the United States District Court in eastern Wisconsin, Hutchins is now also accused of creating a second piece of malware, known as UPAS Kit, and distributing it with the help of another person.
The document indicates that the UPAS Kit, created in 2012, was the given name “to a particular type of malware that was advertised as an ‘HTTP modular bot’ and that was commercialized to ‘install quietly and not alert the antivirus engines’”.
It allowed “unauthorized exfiltration of information from protected computers and used a Web Forms and injector seizer to intercept and collect personal information from protected computers, violating their information security”, according to information security experts from the International Institute of Cyber Security.
Two other new charges also relate to the alleged creation, sale and distribution of the UPAS Kit.
He was also accused of lying to the FBI by making a “materially false, fictitious and fraudulent statement” when he was arrested on 2 August, stating that “He did not know that his computer code was part of Kronos until he reverse-engineered malware at some point in the 2016.”
The four additional charges in the formal indictment comprise a total of 10 charges against Hutchins.
In a Twitter publication, his attorney Brian Klein said:
“We are disappointed that the government has filed this supplementary formal indictment, which has no merit. It only serves to highlight the serious mistakes of the prosecution. We hope that @MalwareTechBlog will be vindicated and then he can keep us all safe from these threats to information security. ”
Hutchins appealed to crowd funding to combat accusations against them. He posted o his Twitter profile:
“Investing months and more than 100,000 dollars fighting in this case, and in the end they go and restart the process by adding even more fake charges like ‘ lying to the FBI. ‘
We require more resources. ”
Last month, Hutchins appeared during a hearing, in which he tried to dismiss the phone transcripts and legal documents used against him by U.S. attorneys.