In 2025, the cyber threat landscape has evolved dramatically, with a marked increase in malicious activity targeting small and medium-sized businesses (SMBs). According to a recent report from Kaspersky, nearly 8,500 SMB users worldwide encountered cyberattacks involving malware and unwanted software masquerading as popular online productivity tools.
Based on observations of over 4,000 unique malicious and unwanted files disguised as widely used applications, Kaspersky highlights a disturbing trend: cybercriminals are increasingly exploiting the popularity of AI-based services to disseminate malware. The most common lures include well-known applications such as Zoom and Microsoft Office, alongside emergent AI tools like ChatGPT and DeepSeek, which are gaining traction as targets for impersonation.
AI Services Under Attack
The report notes that cybercriminals are actively disguising malware as AI tools, with threats mimicking ChatGPT surging by 115% in the first four months of 2025 compared to the same period last year. In total, 177 malicious and unwanted files impersonating ChatGPT were identified during this period.
Another AI tool, DeepSeek, which was launched in 2025, also appears on the threat list, with 83 files detected mimicking the language model. Interestingly, Kaspersky researchers observed a selective approach by threat actors, noting that no malicious files mimicking Perplexity were found.
Vasily Kolesnikov, a security expert at Kaspersky, explains, “Interestingly, threat actors are rather picky in choosing an AI tool as bait. For example, no malicious files mimicking Perplexity were observed. The likelihood that an attacker will use a tool as a disguise for malware depends heavily on the service’s popularity and the buzz around it. The more publicity a tool receives, the higher the chances of encountering fake or malicious packages on the internet.”
Impersonating Communication and Collaboration Platforms
The rise of remote work has made collaboration platforms essential to business operations, and cybercriminals are exploiting that dependence. In 2025, files disguised as Zoom increased by nearly 13%, totaling 1,652 detections. Similarly, impersonations involving Microsoft Teams and Google Drive saw respective increases of 100% and 12%, with 206 and 132 cases detected.
Zoom accounted for approximately 41% of all fake files in the sample, making it the most impersonated platform. Microsoft Office applications continue to be heavily targeted: Outlook and PowerPoint each represented 16% of impersonation cases, Excel nearly 12%, and Word and Teams 9% and 5%, respectively.
Common Threats and Attack Vectors
The most prevalent threats targeting SMBs include downloaders, Trojans, and adware. These malicious programs are often delivered through disguised files that appear legitimate, exploiting the trust placed in familiar applications.
Beyond traditional malware, phishing and spam campaigns remain a significant concern. Cybercriminals are deploying sophisticated schemes to steal credentials for services such as delivery platforms and financial accounts, or to manipulate victims into transferring money under false pretenses.
Kaspersky reports a notable phishing attempt targeting Google Accounts, in which attackers promise victims increased sales through advertising their company on social platforms like X, with the aim of stealing login details.
Spam and Deceptive Offers
Spam emails continue to flood SMB inboxes, often featuring enticing offers for business automation, loans, reputation management, content creation, or lead generation. AI has also made its way into spam content, further complicating detection efforts.
Mitigation Strategies
Kaspersky emphasizes the importance of vigilance. “Always verify the authenticity of websites and links in suspicious emails,” advises Kaspersky security expert Vasily Kolesnikov. “Many malicious links are designed to look legitimate but are phishing attempts or downloads for malware.”
As SMBs face an increasing barrage of cyber threats, implementing robust cybersecurity measures, employee training, and vigilant online practices is crucial to safeguarding against these evolving dangers.