British citizen Marcus Hutchins, 23, has been named in an indictment by the US Department of Justice (DoJ) as a suspect linked to the spread malware between July 2014 and July 2015.
But the 23-year-old has today been arrested in Las Vegas by the Federal Bureau of Investigation, where he was attending hacking conferences.
"This is a law enforcement matter and it would be inappropriate to comment further".
An indictment filed in a USA district court in Wisconsin accuses Hutchins, also known online as "MalwareTech", of advertising, distributing and profiting from malware code known as Kronos that stole online banking credentials and credit card data.
The indictment said the Kronos banking Trojan was created to harvest and transfer the username and password associated with banking websites as it was entered on an infected computer that was not accessible to the victim.
The National Cyber Security Centre also said it is aware of the situation.
Marcus Hutchins was charged with creating and distributing banking malware, according to court filings. Mabbitt says the researcher was "detained" on August 2 but U.S. officials wouldn't tell him where he had been moved to.
He said: "I've been stuck at the computer working for the past three days trying to sort all this out".
The FBI initially announced no details about the arrest, leading some to fear Hutchins had been targeted over his WannaCry research.
Colleagues of Hutchins have started defending him online.
Marcus, from Devon, works for Los Angeles-based Kryptos Logic.
The indictment also charges Hutchins and the co-defendant (s) with using a device to intercept communications in violation of the Wire Tap Act.
The malware, it turned out, contained computer code that pinged an unregistered Web address, and if it didn't get back a message saying the address didn't exist, it turned itself off. Hutchins' act stopped much of its spread. Cybersecurity experts have linked the hack to North Korea. Although, on August 2, it is reported that $140,000 raised by the ransomware attack was withdrawn from the Bitcoin wallet where payment was demanded to be made.