Overview
- SentinelOne presented research at Black Hat Asia describing Fast16, a malware family that tampers with floating‑point (decimal) results in engineering and physics simulation software to sabotage outcomes.
- Analysts say the tool installs a Windows driver called fast16.sys that changes math outputs inside targeted programs and looks for high‑precision calculation tools on infected machines.
- Researchers believe the likely targets were LS‑DYNA 970, PKPM, and the MOHID hydrodynamic platform, and they have alerted the vendors so customers can review whether past results were skewed.
- Clues in the code suggest the malware runs only on single‑core Windows XP‑era systems, and a sample with a 'fast16' reference surfaced on VirusTotal in 2016. Together these point to origins around 2005, and a mention is recalled in the ShadowBrokers leak.
- SentinelOne argues the framework predates Stuxnet by about five years and may trace to U.S. operations tied to Iran‑related research, yet the team stresses the evidence is thin and has not identified specific victim binaries.