The British computer expert who helped shut down a world-wide cyber attack that crippled the NHS was due to appear in a US court charged with creating software that harvested banking details.
Marcus Hutchins, from Ilfracombe, Devon, was due to appear before a judge in Las Vegas on Thursday afternoon accused of six counts of creating and distributing the malware known as Kronos, the US department of justice said.
Officials said after the 23-year-old's arrest by the FBI on Wednesday that he was indicted by a grand jury in the Eastern District of Wisconsin in relation to charges in the year leading up to July 2015.
Hutchins, also known as MalwareTech, was hailed a hero in May this year when he found a "kill-switch" that slowed the effects of the WannaCry "ransomware" virus that hit more than 300,000 computers in 150 countries.
The investigation predates that attack and is completely unrelated, officials stressed.
The indictment says Hutchins created the Kronos malware before conspiring with another defendant, whose name has been redacted, to advertise and sell it on internet forums.
In August 2014 the unnamed defendant sold the software for $2,000 in a digital currency in June 2015, the legal document adds.
Hutchins' mother, Janet Hutchins, said it was "hugely unlikely" that her son was involved because he has spent "enormous amounts of time and even his free time" combating such attacks.
She said she is "outraged" by the charges and has been "frantically calling America" trying to contact her son.
A friend from the IT security industry, who spoke on the condition of anonymity, said Hutchins was arrested in McCarran International Airport after he tried to fly back from the Def Con hacking conference.
The Electronic Frontier Foundation, a San Francisco-based digital rights group, said it is "deeply concerned" and has reached out to Hutchins.
Naomi Colvin, from civil liberties campaign group Courage, echoed the foundation and praised Hutchins' earlier work.
She said: "In May this year, WannaCry malware closed hospitals in the UK, becoming the first ransomware attack to represent an actual threat to life.
"In halting the spread of WannaCry before the US woke up, MalwareTech did the world an enormous service - and to American businesses in particular."
Ms Colvin said he had been detained for 24 hours before information was released about his arrest and said he has still not been allowed to contact his family or lawyers.
"The US treats hackers far worse than other countries do, with much longer prison sentences, a dearth of vital health care and rampant solitary confinement," she said.
The Foreign Office said it is supporting Hutchins' family and is in contact with authorities in Las Vegas while the National Cyber Security Centre also said it was "aware of the situation".