Hutchins pleads not guilty in Milwaukee court on six charges of writing and distributing malware

Marcus Hutchins appears in court a week after his release on bail following his airport arrest

Marcus Hutchins, the security specialist better known by his MalwareTech blog and Twitter handle, has pleaded not guilty in a Milwaukee court today on six charges of writing and helping to distribute malware used in the Kronos banking Trojan.

Prosecutors maintain that he helped an un-named co-defendant market and sell Kronos, a banking Trojan released in 2014, but which never gained much traction.

His court appearance comes one week after his release on bail from custody in Las Vegas, Nevada, after he had been apprehended at the airport returning from two security conferences.

Prosecutors had opposed bail for Hutchins after he fired a gun at a gun range without a licence earlier in the week.

Under questioning following his arrest, but without a lawyer present, Hutchins reportedly admitted to writing the malware in question. However, malware is not typically built in its entirety from the ground-up and what parts of the malware, exactly, Hutchins is alleged to have been responsible for remains unclear, despite the publication of the indictment against him.

Old Internet Relay Chat (IRC) logs from around five years ago - when Hutchins would have been 18 - paint a picture of a black hat hacker dabbling in malware, although the links are far from conclusive.

After release on bail, expected later today, Hutchins will not be allowed to leave the US or to use the internet. He will also have to wear a GPS tag and, as a non-US national, won't be allowed to work, and will therefore be reliant on family and charity to sustain himself.

A crowd-funding campaign has been set-up by friends to raise money for Hutchins' legal defence.

The Kronos banking Trojan that Hutchins is accused of writing code for is similar to the Zeus banking malware, from which it borrows heavily. Indeed, in Greek mythology Kronos is the father of Zeus.

Access to Kronos for campaigns was sold for $7,000 a time, with the malware focused on stealing banking login credentials from compromised machines. The form-grabbing and HTML content injection element of Kronos was spread via phishing emails.

Kronos also offered modules for evading detection and analysis - and buyers were even given an option to trial it for a week first for $1,000.

IBM-owned Trusteer reported on the Kronos malware in August 2014, based on the seller's description when it was offered for sale on 'dark web' forums - exactly the same time that Hutchins is alleged to have offered it for sale on 'dark web' forums.

Computing's DevOps Summit returns on 19 September. Attendance is free to qualifying IT leaders and other senior IT professionals, but places will go fast, so secure yours now.