A British cyber security expert credited with stopping the worldwide WannaCry computer virus is due to appear in a US court for a hearing about statements prosecutors say he made in a recorded jailhouse phone call acknowledging that code he wrote ended up in malware.

A US grand jury indictment accuses Marcus Hutchins of creating and distributing malware known as Kronos, designed to steal banking passwords. Hutchins, 23, has pleaded not guilty.

Federal prosecutors in Milwaukee want to introduce as evidence statements he made to an unidentified person hours after FBI agents detained him in Las Vegas before he boarded a flight home to the UK last year.

The statements are included in a transcript filed in court on the eve of the hearing where Hutchins will ask for the phone conversation to be suppressed, along with a two-hour FBI interview.

Prosecutors have said Hutchins also made incriminating statements during the FBI interview. His attorneys have argued Hutchins did not fully understand Miranda warnings because he is a foreigner and was also sleep-deprived after a week partying in Vegas.

Hutchins’ arrest last August came as a shock because only four months earlier he was lauded as a cyber crime-fighting hero for finding a “kill switch” to slow the outbreak of the WannaCry virus, which crippled computers worldwide, encrypting files and making them inaccessible unless people paid a ransom ranging from 300 to 600 dollars.

In the jailhouse call, which Hutchins was told was being recorded, he said he “used to write malware” years before.

According to the transcript, Hutchins said: “So I wrote code for a guy a while back who then incorporated it into a banking malware, so they have logs of that, and essentially they want to know my part of the banking operation or if I just sold the code onto some guy then they wanted me to, once then found I sold the code to someone, they wanted me to give them his name, and I don’t actually know anything about him.”

The WannaCry virus affected NHS systems (Yui Mok/PA)

The indictment said the crimes happened between July 2014 and July 2015, but prosecutors have not offered any details about the number of victims.

Prosecutors also said in recent court filings that Hutchins is suspected to have sold the Kronos software to someone in Wisconsin and that he “personally delivered” the software to someone in California.

Details of Hutchins’ arrest and the crimes he is accused of committing have otherwise been sparse – and Hutchins’ lawyers have repeatedly criticised prosecutors for it in court documents.

During the jailhouse call, Hutchins also said he repaid a debt of about 5,000 dollars by giving someone logs that had the compiled binary of the code he created for the person who used it for banking malware. He said both happened when he was about 18.

“I knew it was always going to come back,” Hutchins said on the call, adding that he did not “think it would be so soon”.

Robert Graham, a computer security expert not connected to the case, warned against concluding that Hutchins had done something wrong simply because his code wound up in malware.

He said: “I’m not saying he didn’t cross a legal line somewhere, but the quotes (in the filing) are still consistent with somebody who is a security researcher rather than a malware kingpin.”

In addition to computer fraud, the indictment lists five other charges, including attempting to intercept electronic communications and trying to access a computer without authorisation.

Hutchins faces decades in prison if convicted of all the charges. He has been barred from returning home and has been living in California, where he works as a cyber security consultant while awaiting trial.