{ "id": "4f7950a5-e7a0-459d-b7af-338c1fdea0e4", "created_at": "2026-04-06T00:19:35.974328Z", "updated_at": "2026-04-10T03:24:30.160572Z", "deleted_at": null, "sha1_hash": "c45b0d43c088e19fad2249fd99a382e5a4beb3b1", "title": "Security researcher MalwareTech pleads guilty", "llm_title": "", "authors": "", "file_creation_date": "0001-01-01T00:00:00Z", "file_modification_date": "0001-01-01T00:00:00Z", "file_size": 1150502, "plain_text": "Security researcher MalwareTech pleads guilty\r\nBy Written by Catalin Cimpanu, ContributorContributor April 19, 2019 at 1:10 p.m. PT\r\nArchived: 2026-04-05 16:36:01 UTC\r\nSecurity\r\nMarcus \"MalwareTech\" Hutchins, the British security researcher known for stopping the WannaCry ransomware\r\noutbreak, has pleaded guilty today to writing malware in the years prior to his prodigious career as a malware\r\nresearcher.\r\n\"I regret these actions and accept full responsibility for my mistakes,\" Hutchins wrote in a statement posted on his\r\nwebsite. \"Having grown up, I've since been using the same skills that I misused several years ago for constructive\r\npurposes. I will continue to devote my time to keeping people safe from malware attacks.\"\r\nUp to ten years in prison\r\nAccording to court documents obtained by ZDNet, Hutchins pleaded guilty to two counts, and the government\r\nagreed to drop the other eight.\r\nhttps://www.zdnet.com/article/security-researcher-malwaretech-pleads-guilty/\r\nPage 1 of 3\n\nHe pleaded guilty to entering a conspiracy to create and distribute malware, and in aiding and abetting its\r\ndistribution.\r\nFor each count, Hutchins faces up to five years in prison, up to $250,000 in fines, and up to one year of supervised\r\nrelease.\r\nUS authorities arrested Hutchins at the Las Vegas international airport in August 2017, when the researcher was\r\ntrying to return home to the UK after participating at the Black Hat and DEF CON security conferences.\r\nHutchins was charged with developing the Kronos and UPAS-Kit malware strains --two banking trojans.\r\nHe was also charged with working with a co-conspirator --identified only as \"Vinny,\" \"VinnyK,\" and\r\n\"Aurora123\"-- to advertise and sell the two malware strains online. This happened between July 2012 and\r\nSeptember 2015, before Hutchins built a career as a talented security researcher.\r\nControversial case\r\nHutchins' arrest was controversial, and for many reasons. He argued that he was detained and interrogated while\r\nsleep-deprived and intoxicated, and that FBI agents misled him about the true intentions of the interrogation.\r\nFurther, his lawyers also argued that Hutchins' actions happened while he was still a minor, and outside the\r\nstandard five-year statute of limitations.\r\nThe prosecution responded by piling new charges --such as developing the UPAS-Kit trojan (he was initially only\r\ncharged with developing the Kronos malware) and with lying to the FBI during his interrogation. These later\r\ncharges were deemed ludicrous by some US legal experts.\r\nUltimately, Hutchins' team failed in their attempt to suppress statements made during the FBI's interrogation\r\nfollowing his arrest, and his case was locked for a jury trial in Madison, Wisconsin.\r\nHutchins' sentencing hearing has not been set.\r\nSee als\r\nHelping the infosec community\r\nAfter his arrest, Hutchins has been released on bail and has been living in Los Angeles while awaiting trial.\r\nHe was prohibited from working for his employer, US-based cyber-security firm Kryptos Logic, but Hutchins has\r\nturned his focus on sharing his malware analysis skills with the rest of the information security (infosec)\r\ncommunity.\r\nOver the course of the past one and a half year, Hutchins has been publishing written and video malware analysis\r\ntutorials. He is considered one of today's most talented security researchers.\r\nhttps://www.zdnet.com/article/security-researcher-malwaretech-pleads-guilty/\r\nPage 2 of 3\n\nHear! Hear! - Marcus has taught me a great deal during my journey with #emotet. I am\r\nstill amazed that he has worked with me and the @Cryptolaemus1 team to help us with\r\nour battle. Without his help, we would still be in the stone age fighting this botnet!\r\n— Joseph Roosen (@JRoosen) April 19, 2019\r\nData leaks: The most common sources\r\nRelated malware and cybercrime coverage:\r\nMalvertising campaign abuses Chrome for iOS bug to target iPhone users\r\nCyber-security firm Verint hit by ransomware\r\nReveton ransomware distributor sentenced to six years in prison in the UK\r\nScranos rootkit expands operations from China to the rest of the world\r\nEmotet hijacks email conversation threads to insert links to malware\r\nSource code of Iranian cyber-espionage tools leaked on Telegram\r\nHow the United Nations helps fight global cybercrime TechRepublic\r\nApple removed popular app that was secretly stealing your browser history CNET\r\nSource: https://www.zdnet.com/article/security-researcher-malwaretech-pleads-guilty/\r\nhttps://www.zdnet.com/article/security-researcher-malwaretech-pleads-guilty/\r\nPage 3 of 3", "extraction_quality": 1, "language": "EN", "sources": [ "Malpedia" ], "references": [ "https://www.zdnet.com/article/security-researcher-malwaretech-pleads-guilty/" ], "report_names": [ "security-researcher-malwaretech-pleads-guilty" ], "threat_actors": [ { "id": "aa73cd6a-868c-4ae4-a5b2-7cb2c5ad1e9d", "created_at": "2022-10-25T16:07:24.139848Z", "updated_at": "2026-04-10T02:00:04.878798Z", "deleted_at": null, "main_name": "Safe", "aliases": [], "source_name": "ETDA:Safe", "tools": [ "DebugView", "LZ77", "OpenDoc", "SafeDisk", "TypeConfig", "UPXShell", "UsbDoc", "UsbExe" ], "source_id": "ETDA", "reports": null } ], "ts_created_at": 1775434775, "ts_updated_at": 1775791470, "ts_creation_date": 0, "ts_modification_date": 0, "files": { "pdf": "https://archive.orkl.eu/c45b0d43c088e19fad2249fd99a382e5a4beb3b1.pdf", "text": "https://archive.orkl.eu/c45b0d43c088e19fad2249fd99a382e5a4beb3b1.txt", "img": "https://archive.orkl.eu/c45b0d43c088e19fad2249fd99a382e5a4beb3b1.jpg" } }