2026-04-27 The Hacker News

Weekly Recap: Fast16 Malware, XChat Launch, Federal Backdoor, AI Tracking

Malware, AI Security, Supply Chain

Fast16, a newly identified modular Trojan, has been observed in a wave of attacks that leverage DLL side‑loading to bypass application whitelisting. Discovered by Cisco Talos on 2026‑01‑22, the malware drops a payload that exfiltrates credentials via a custom XOR‑encoded C2 channel. Its infection chain starts with a spear‑phished PDF containing a malicious LNK file that triggers a benign executable, which in turn loads the malicious DLL. Organizations are advised to monitor for anomalous DLL loading events and to enforce code signing policies to mitigate the risk.
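One way to act on the DLL-load monitoring advice above, as an added example that is not from the original report: a filter over image-load telemetry that flags DLLs that are not validly signed and sit in a user-writable path or beside the executable that loaded them. It assumes events shaped like Sysmon Event ID 7 records (`Image`, `ImageLoaded`, `Signed`, `SignatureStatus`); the sample events, paths and the writable-directory list are constructed for illustration.

```python
from ntpath import dirname, basename  # Windows path rules on any OS

# Directory markers writable by standard users (assumed list; tune per environment).
USER_WRITABLE = ("\\users\\", "\\programdata\\", "\\windows\\temp\\")

def is_user_writable(path):
    p = path.lower()
    return any(marker in p for marker in USER_WRITABLE)

def suspicious_dll_loads(events):
    """Return (exe, dll, reasons) for image loads matching the side-loading pattern."""
    findings = []
    for ev in events:
        if ev.get("EventID") != 7:  # only image-load events are relevant
            continue
        image, dll = ev["Image"], ev["ImageLoaded"]
        if not dll.lower().endswith(".dll"):
            continue
        reasons = []
        if ev.get("Signed") != "true" or ev.get("SignatureStatus") != "Valid":
            reasons.append("dll-not-validly-signed")
        if is_user_writable(dll):
            reasons.append("dll-in-user-writable-path")
        if dirname(dll).lower() == dirname(image).lower():
            reasons.append("dll-beside-host-exe")
        # Require the signature failure plus a location signal to limit noise.
        if "dll-not-validly-signed" in reasons and len(reasons) >= 2:
            findings.append((basename(image), basename(dll), reasons))
    return findings

# Constructed sample events (not taken from the report); names are placeholders.
SAMPLE_EVENTS = [
    {"EventID": 7, "Image": r"C:\Users\alice\AppData\Local\Temp\viewer\viewer.exe",
     "ImageLoaded": r"C:\Users\alice\AppData\Local\Temp\viewer\helper.dll",
     "Signed": "false", "SignatureStatus": "Unavailable"},
    {"EventID": 7, "Image": r"C:\Program Files\Viewer\viewer.exe",
     "ImageLoaded": r"C:\Windows\System32\version.dll",
     "Signed": "true", "SignatureStatus": "Valid"},
    {"EventID": 7, "Image": r"C:\Program Files\Viewer\viewer.exe",
     "ImageLoaded": r"C:\Program Files\Viewer\plugin.dll",
     "Signed": "true", "SignatureStatus": "Valid"},
    {"EventID": 1, "Image": r"C:\Windows\System32\cmd.exe"},
]

if __name__ == "__main__":
    for exe, dll, reasons in suspicious_dll_loads(SAMPLE_EVENTS):
        print(f"{exe} loaded {dll}: {', '.join(reasons)}")
```

Requiring a signature failure together with a location signal keeps validly signed vendor DLLs in the application directory out of the results.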

Meanwhile, the open‑source messaging platform XChat released version 2.0 this week, introducing the Messaging Layer Security (MLS) protocol for group conversations. XChat now supports end‑to‑end encryption by default, using the Double Ratchet algorithm and offering encrypted file transfers up to 500 MB. The client also adds a privacy‑focused "Stealth Mode" that hides the app icon and notifications, aiming to counter surveillance in high‑risk environments.

In the United States, a bipartisan coalition reintroduced the Secure Communications Act, proposing a legal backdoor for law enforcement to access encrypted communications under a court order. The bill cites recent incidents where encrypted devices hindered investigations, while privacy advocates argue the measure would weaken security for all users and create a “golden key” that adversaries could exploit. The debate is set to intensify as the Senate Committee on the Judiciary schedules hearings for next month.

The rapid adoption of AI‑driven employee monitoring tools has raised fresh privacy concerns. A new product called WorkWatch AI, launched by CyberOptics, uses large language models to analyze keystroke patterns, screen activity, and facial expressions captured by webcams to generate productivity scores. The system stores all telemetry in a cloud‑based data lake, which researchers at MIT found vulnerable to credential‑stuffing attacks that could expose sensitive biometric data. Security teams are urged to evaluate the data‑handling practices of such AI solutions and enforce strict access controls to prevent potential breaches.

Source: The Hacker News
