Alex Yucel, 24, was arrested in Moldova in November. He stands accused of co-creating RAT malware and owning and operating the BlackShades group that sold it.
He entered his plea before a federal judge in Manhattan after being extradited to the United States.
He faces two counts of computer hacking, one count of conspiring to commit access device fraud, one count of access device fraud and one count of aggravated identity theft.
If convicted, Yucel faces up to 17 years in prison.
Nearly 100 people were arrested in Europe and the United States in a bust targeting the creators, sellers and users of the malware in 16 countries, authorities announced in May.
The program, dubbed RAT for "Remote Access Tools," allowed hackers to access private photographs, passwords, spy on victims through webcams, lock data and then send out "ransom notes" to extort money.
The RAT program could also harass or frighten victims through messages that computers would read aloud, and in some cases, it gave hackers access to webcams to spy inside private homes.
The program generated sales of $350,000 between September 2010 and April 2014, with more than 6,000 customer accounts in more than 100 countries, according to the FBI.
It was sold to hackers for $40 each.
More than 500,000 computers were infected, according to US Attorney Preet Bharara.