Recap: Marcus Hutchins was arrested in 2017 in association with developing the Kronos banking malware. Later, he would face more charges, including the UPAS Kit malware strain and lying to the FBI. All told, Hutchins was slapped with ten felony counts, but a plea agreement will see the talented security researcher fallen from grace only plead guilty to two charges.
Marcus Hutchins, known online as MalwareTech, has pleaded guilty to two out of ten felony counts related to banking malware. Hutchins became an overnight sensation after containing the virulent WannaCry malware attack, being lauded as the "WannaCry hero."
In August 2017, just months after having contained WannaCry, Hutchins was arrested in Las Vegas after leaving the Black Hat and Def Con security conferences. He was charged with developing the Kronos banking trojan. Following a superseding indictment, he was later charged with a second piece of malware known as UPAS Kit, as well as lying to the FBI.
"As you may be aware, I’ve pleaded guilty to two charges related to writing malware in the years prior to my career in security," Hutchins wrote in a statement via his website. "I regret these actions and accept full responsibility for my mistakes. Having grown up, I’ve since been using the same skills that I misused several years ago for constructive purposes. I will continue to devote my time to keeping people safe from malware attacks."
In a plea agreement, Hutchins pleaded guilty to two of ten charges: One being he intended to distribute Kronos, and the other being conspiracy. For each charge, Hutchins faces up to 5 years in prison and $250,000 in fines. Hutchins has yet to be sentenced, and it is currently unclear when sentencing will take place.