Parallel life of a White Hat and Black Hat


This is Marcus Hutchins.


Known online as MalwareTech, his profile on Wikipedia described him as an English computer security researcher at cybersecurity firm Kryptos Logic, known for temporarily stopping the WannaCry ransomware attack in May 2017.


No one knew that Hutchins was also a cyber criminal. Prior to allegedly helping to stop the WannaCry virus, Hutchins had in 2014 assisted in the creation and spread of a piece of banking malware known as Kronos, which he sold in 2015 via the AlphaBay forums. Kronos is a type of Trojan, which itself is a type of malware that pretends to be something else, like a harmless email attachment, but is actually something far nastier, ready to infect a victim’s computer. Trojans are commonly spread via email attachments, and once downloaded, can give attackers free rein to snoop and steal sensitive information like financial data, emails, and passwords.


Kronos gave buyers the tools to grab banking details from victims’ machines, using a process called keylogging. It was equipped with a form-grabber (for stealing login credentials when victims accessed banking services), and worked on the web browsers Chrome, Internet Explorer, and Firefox. The Trojan also used an untraceable injection method that was able to bypass common anti-virus software. Kronos also came with some extra features: it could change the format of banking web pages to add extra forms for users to fill in, like PIN codes, in the hope of scooping up extra information from unwitting victims.


Hutchins was arrested in August 2017 in Las Vegas while he was attending the DEF CON conference.