Marcus Hutchins, the British computer expert who helped shut down a world-wide cyber attack that crippled the NHS, has been charged with creating banking malware, the US Department of Justice said.

Hutchins discovered a 'kill-switch' for the virus after it paralysed thousands of NHS computers and claimed hundreds of thousands of victims around the world - including US courier service FedEx and German rail company Deutsche Bahn - in May.

But now the internet hero, also known as MalwareTech, has been arrested by the FBI in Nevada and charged with a role in making malware.

The 23-year-old from Ilfracombe, Devon, is alleged to have played a role in 'creating and distributing the Kronos banking Trojan' between July 2014 and July 2015.

Marcus, pictured, has been charged with creating and distributing a banking Trojan capable of stealing people's log-in information

During his time in the US Mr Hutchins Tweeted that he rented a bright orange Lamborghini

Marcus Hutchins prevented more than 100,000 computers across the globe from being infected with the WannaCry virus (pictured) in May

The Department of Justice said in a statement: 'Marcus Hutchins ... was arrested in the United States on 2 August, 2017, in Las Vegas, Nevada, after a grand jury in the Eastern District of Wisconsin returned a six-count indictment against Hutchins for his role in creating and distributing the Kronos banking Trojan.'

The indictment says Hutchins created the Kronos malware before conspiring with another defendant, whose name has been redacted, to advertise and sell it on internet forums.

In August 2014 the unnamed defendant sold the software for 2,000 dollars (£1,522) in a digital currency in June 2015, the legal document adds.

The Kronos Trojan was first advertised on underground forums in July 2014 and claimed to be capable of stealing banking log-in details from web browsers including Internet Explorer, Firefox and Chrome.

It was apparently being offered for sale on various sites for more than £5,300.

Unwitting users could be duped into downloading the malware when opening emails containing seemingly genuine attachments.

The details they used to access their bank accounts could then be stolen.

Pictured: An example of a phishing email (with an attachment containing malware) used to transmit the Kronos banking Trojan

Hutchins' mother, Janet Hutchins, said it was 'hugely unlikely' that her son was involved because he has spent 'enormous amounts of time and even his free time' combating such attacks.

She added that she is 'outraged' by the charges and has been 'frantically calling America' trying to contact her son.

Hutchins was being held at the Henderson Detention Center after being arrested at Las Vagas's McCarran International Airport but has since been moved to another facility, a friend told Motherboard.

The friend, who also works in the cyber security industry, was attending the Def Con event in the Nevada city with Hutchins.

He said: 'He checked into his flight and I think he was sitting in the Virgin upper class lounge.

'He was escorted out of the airport and never made his flight.'

The cyber community expressed their concern over his arrest with Naomi Colvin, from civil liberties campaign group Courage, praising him for his earlier work.

She said: 'In May this year, WannaCry malware closed hospitals in the UK, becoming the first ransomware attack to represent an actual threat to life.

'In halting the spread of WannaCry before the US woke up, MalwareTech did the world an enormous service - and to American businesses in particular.'

Ms Colvin said he had been detained for 24 hours before information was released about his arrest and said he has still not been allowed to contact his family or lawyers.

'The US treats hackers far worse than other countries do, with much longer prison sentences, a dearth of vital health care and rampant solitary confinement,' she said.

The anonymous friend added: 'We still don't know why Marcus has been arrested and now we have no idea where in the US he's been taken to and we're extremely concerned for his welfare.'

Pictured: Hacker hero Marcus Hutchins

The National Crime Agency confirmed Hutchins had been detained but said 'it is a matter for the authorities in the US'.

The Foreign Office said it is supporting Hutchins' family and is in contact with authorities in Las Vegas.

Hutchins, who works for Los Angeles-based firm Kryptos Logic, spent the weekend in May fighting off the ransomware attack - but stressed he is not a 'hero'.

After his intervention he began working with the government's National Cyber Security Centre to prevent a new strain of the malicious software emerging.

The security worker spent £8 registering the domain name the virus tried to connect with when it infected a new computer and pointed it at a 'sinkhole server' in Los Angeles.

It caused the malicious software to enact an 'emergency stop', immediately halting its spread - but at first the cyber expert feared he had actually made the virus epidemic worse.

He said: 'Essentially they relied on a domain not being registered and by registering it, we stopped their malware spreading.'

Speaking of the moment he stopped the virus, the anti-malware expert previously told MailOnline: 'It should have been really nice but someone had made a mistake and told me that our registering of the domain actually caused the infection.

'When I found out that it was actually the opposite it was more a relief.'

North Korea has been linked with the attack, but in May an official from the authoritarian regime said talk of a connection was 'ridiculous',

His arrest comes as more than £100,000 of digital currency bitcoin that was paid by victims of the WannaCry attack was withdrawn from the hackers' online wallets.

There is no indication that the two events are connected.

Victims were asked to pay around £230 in Bitcoins to get back control of their systems and monitoring websites showed the wallets holding the payments had been emptied today.

No one has claimed responsibility for the attack but experts have connected it to Lazarus, a group also linked to the 2014 Sony Pictures hack.