Security specialist Marcus Hutchins, better known by his MalwareTech blog and Twitter handle, has pleaded not guilty in a Milwaukee court today on six charges of writing and distributing malware.
Prosecutors maintain that he helped an un-named co-defendant market and sell Kronos, a banking Trojan released in 2014, but which never gained much traction.
His court appearance comes one week after his release on bail from custody in Las Vegas, Nevada, after he had been apprehended at the airport returning from two security conferences.
Prosecutors had opposed bail for Hutchins after he fired a gun at a gun range without a licence earlier in the week.
Under questioning following his arrest, but without a lawyer present, Hutchins reportedly admitted to writing the malware in question. However, malware is not typically built in its entirety from the ground-up and what parts of the malware, exactly, Hutchins is alleged to have been responsible for remains unclear, despite the publication of the indictment against him.
Old Internet Relay Chat (IRC) logs from around five years ago - when Hutchins would have been 18 - paint a picture of a black hat hacker dabbling in malware, although the links are far from conclusive.
After release on bail, expected later today, Hutchins will not be allowed to leave the US or to use the internet. He will also have to wear a GPS tag and, as a non-US national, won't be allowed to work, and will therefore be reliant on family and charity to sustain himself.
The Kronos banking Trojan that Hutchins is accused of writing code for is similar to the Zeus banking malware, from which it borrows heavily. Indeed, in Greek mythology Kronos is the father of Zeus.
Access to Kronos for campaigns was sold for $7,000 a time, with the malware focused on stealing banking login credentials from compromised machines. The form-grabbing and HTML content injection element of Kronos was spread via phishing emails.
Kronos also offered modules for evading detection and analysis - and buyers were even given an option to trial it for a week first for $1,000.
IBM-owned Trusteer reported on the Kronos malware in August 2014, based on the seller's description when it was offered for sale on 'dark web' forums - exactly the same time that Hutchins is alleged to have offered it for sale on 'dark web' forums.
Computing's DevOps Summit returns on 19 September. Attendance is free to qualifying IT leaders and other senior IT professionals, but places will go fast, so secure yours now.
Leaks in the run-up to Samsung Galaxy Note 8 launch pretty much gave it all away
Sonos Play 1 speakers cost £180, but customers could suffer if they don't agree changes to privacy policies
US government 'cyber czar' admits briefing against Kaspersky, but doesn't offer any firm evidence
Acquisition deal may be reached before the end of the month