Small and Medium-scale Enterprises have recorded a 115 per cent increase in cyber attacks from fake productivity tools and artificial intelligence platforms.
This was disclosed by a global cybersecurity and antivirus company, Kaspersky, on Thursday, indicating that these attacks took place in the first four months of 2025.
The new report indicated that in 2025, nearly 8,500 users from small and medium-sized businesses globally faced cyberattacks where malicious or unwanted software was disguised as popular online productivity tools, Kaspersky reports.
Based on the unique malicious and unwanted files observed, the most common lures included Zoom and Microsoft Office, with newer AI-based services like ChatGPT and DeepSeek being increasingly exploited by attackers.
Kaspersky analysts exploring how frequently malicious and unwanted software are disguised as legitimate applications commonly used by SMBs sampled 12 online productivity apps and observed more than 4,000 unique malicious and unwanted files disguised as popular apps in 2025.
Cybersecurity experts noted that with the growing popularity of AI services, cybercriminals are increasingly disguising malware as AI tools.
The report indicated that the number of cyberthreats mimicking ChatGPT increased by 115 per cent in the first four months of 2025 compared to the same period last year, reaching 177 unique malicious and unwanted files. Another popular AI tool, DeepSeek, accounted for 83 files. This large language model launched in 2025 immediately appeared on the list of impersonated tools.
Commenting on the report, a security expert at Kaspersky, Vasily Kolesnikov, said, “Interestingly, threat actors are rather picky in choosing an AI tool as bait. For example, no malicious files mimicking Perplexity were observed. The likelihood that an attacker will use a tool as a disguise for malware or other types of unwanted software directly depends on the service’s popularity and hype around it. The more publicity and conversation there is around a tool, the more likely a user will come across a fake package on the internet.
“To be on the safe side, SMB employees, as well as regular users, should exercise caution when looking for software on the internet or coming across too-good-to-be-true subscription deals. Always check the correct spelling of the website and links in suspicious emails. In many cases, these links may turn out to be phishing or a link that downloads malicious or potentially unwanted software.”
A breakdown of the findings of the report showed that the number of malicious and unwanted software files disguised as Zoom increased by nearly 13 per cent in 2025, reaching 1,652, while such names as Microsoft Teams and Google Drive saw increases of 100 per cent and 12 per cent, respectively, with 206 and 132 cases.
Among the analysed samples, the highest number of files mimicked Zoom, accounting for nearly 41 per cent of all unique files detected. Microsoft Office applications remained frequent targets for impersonation: Outlook and PowerPoint each accounted for 16 per cent, Excel for nearly 12 per cent, while Word and Teams made up nine per cent and five per cent, respectively.
