The British cyber-security researcher who stalled WannaCry cyber-attack that hit the NHS has been arrested and charged in a US cyber-crime case.
Marcus Hutchins, 23, has been accused of involvement with Kronos – a separate piece of malware used to steal banking logins from victims’ computers.
Fellow cyber-security researchers have expressed surprise at the indictment.
The UK’s National Cyber Security Centre has said that it was aware of the situation.
WannaCry spread rapidly through computer systems around the world, in an unprecedented outbreak that began on 12 May.
Shortly afterwards, Mr Hutchins was thrust into the limelight after he found a way to stop it from spreading.
He had been in Las Vegas attending the Black Hat and Def Con cyber-security conferences, but activity on his Twitter feed – usually highly active – ceased a day ago.
“Marcus Hutchins… a citizen and resident of the United Kingdom, was arrested in the United States on 2 August, 2017, in Las Vegas, Nevada, after a grand jury in the Eastern District of Wisconsin returned a six-count indictment against Hutchins for his role in creating and distributing the Kronos banking Trojan,” the US Department of Justice (DoJ) said in a statement.
“The charges against Hutchins, and for which he was arrested, relate to alleged conduct that occurred between in or around July 2014 and July 2015.”
Kronos is malware that is designed to steal banking login and other financial data from infected computers.
The DoJ’s indictment is dated 12 July, before Mr Hutchins arrived in the US.
It alleges that he created and sold Kronos on internet forums, including the AlphaBay dark web market, which was recently shut down after an international law enforcement operation.
A second defendant is included in the indictment, but their name has not been made public.
Mr Hutchins tweeted about Kronos shortly after it was reported in the press: “Anyone got a Kronos sample?” he wrote.