A British hacker credited with helping to stop the global WannaCry attack has been arrested by the FBI and indicted on several criminal counts, US officials have said.
Marcus Hutchins was charged with creating and distributing banking malware, according to court filings.
The case is unrelated to the WannaCry attack that struck the NHS in May, the US Justice Department said.
Hutchins was arrested at McCarran International Airport in Las Vegas after he tried to fly back from the Def Con hacking conference, according to a friend in the IT security industry.
The security website Motherboard, which first reported news of his arrest, said Hutchins was initially held at the Henderson Detention Centre in Nevada and then moved to another facility.
Court filings accuse Hutchins, known online as MalwareTech, of advertising, distributing and profiting from malware code known as Kronos that stole online banking credentials and credit card data.
Such malware infects web browsers, then captures usernames and passwords when an unsuspecting user visits a bank's website or another trusted location.
The suspected activity took place between July 2014 and July 2015, according to the court documents.
She described any involvement by her son in the alleged activity as 'hugely unlikely', saying he has spent 'enormous amounts of time and even his free time' fighting such attacks.
Mrs Hutchins said she has been 'frantically calling America' trying to contact her son.
Hutchins, a 23-year-old from Ilfracombe, Devon, gained worldwide attention for detecting a 'kill switch' that effectively disabled the WannaCry worm in May.
The attack crippled the NHS and infected hundreds of thousands of computers worldwide, causing disruption at car factories, hospitals, shops and schools in more than 150 countries.
Naomi Colvin, from civil liberties campaign group Courage, said: 'In halting the spread of WannaCry before the US woke up, MalwareTech did the world an enormous service - and to American businesses in particular.
Experts have connected the May ransomware attack to Lazarus, a group also linked to the 2014 Sony Pictures hack.
The software, called WannaCry or Wanna Decryptor, exploited a vulnerability in the Windows operating system.
It allowed the malware to automatically spread across networks, so it can quickly infect large numbers of machines at the same organisation.