Hutchins, 23, who was charged with creating and distributing the Kronos banking trojan, was asked to pay US$30,000 in bail and will not be able to leave the US until legal proceedings are over.
There was no time to raise the money on Friday so he will be released on Monday. A large number of researchers and people from the IT community have contributed to raise the bail amount.
The prosecution claimed that he had admitted to writing malware. However, Hutchins regularly does this as a means of testing code as his research is essentially into malware.
He will have to wear a GPS tag while he is on bail and will not be able to use the Internet or make contact with an alleged co-author of Kronos.
Doubts were raised earlier about the grounds on which he was arrested, with another security researcher Kevin Beaumont pointing out that the Kronos malware was a Russian creation.
Beaumont also pointed out that Hutchins had asked for a sample of Kronos at the time the malware was active, which he would not have needed to do if he was the creator.
More info from 2014: https://t.co/DWV6sgLK71— Kevin Beaumont (@GossiTheDog) August 3, 2017
In May, Hutchins, then an unknown researcher going by the Twitter handle MalwareTech, was hailed as a hero when he accidentally stopped the spread of WannaCry by registering a domain that was listed in the code of the malware.
He reasoned that this could be a command and control server and promptly registered the domain which appeared to be a random name, comprising letters from the top two rows of a keyboard. It cost him just US$10.69.
July 14th 2014. https://t.co/3bsgNpWbe9— Kevin Beaumont (@GossiTheDog) August 3, 2017
This was in order to create a sinkhole so he could examine the malware further.
But his action unwittingly stopped the malware from spreading as it had been programmed to check this domain, and continue spreading if it could not access the domain. Once he registered the domain, it was accessible, and when this happened the attacks gradually slowed down.