The Illusion of Progress: Fighting 2005 Malware and AI Overreach in 2026

Reading the weekly recap, I can't help but agree with the sentiment: "Everything is dumb again." It feels less like innovation and more like regression. We're dealing with Fast16, a Lua-based malware framework that dates back to the mid-2000s (pre-Stuxnet), yet it's apparently relevant enough to make headlines again. If we are still fighting OT sabotage frameworks from two decades ago, have we actually progressed?

Meanwhile, the "fake help desk" trend is terrifyingly effective. We're seeing actors abuse trusted platforms like Microsoft Teams to deliver payloads (similar to the UNC6692 SNOW delivery methods). Users are conditioned to trust the "IT Support" popup, and attackers know it. It’s not just about CVEs anymore; it’s about abusing trust in legitimate tools like the new XChat platforms and standard remote access software.

Detection is getting noisy, but we can focus on the behavioral anomalies. For those hunting on their endpoints, watch for communication apps spawning shells:

DeviceProcessEvents
| where InitiatingProcessFileName =~ "teams.exe" or InitiatingProcessFileName =~ "xchat.exe"
| where FileName in~ ("powershell.exe", "cmd.exe", "mshta.exe", "python.exe")
| project Timestamp, DeviceName, AccountName, InitiatingProcessCommandLine, ProcessCommandLine


And for the Fast16/Lua activity on legacy systems, don't ignore obscure script interpreters:

# Check for recently modified Lua scripts on non-standard paths
find /home /var /tmp -name "*.lua" -mtime -1 -exec ls -la {} \; 2>/dev/null


We have AI tools tracking employee keystrokes on one side and 20-year-old malware on the other. It’s a mess.

**Discussion:** With the rise of "living-off-the-land" attacks using trusted chat apps, are you guys blocking scripting languages (PowerShell/Python) entirely for standard users, or is that just a pipe dream in 2026?