ISLAMABAD – Nearly 8,500 users from small and medium-sized businesses (SMBs) faced cyberattacks this year where malicious software was disguised as popular online tools.
Kaspersky reports the most common lures included Zoom and Microsoft Office, with newer AI-based services like ChatGPT and DeepSeek being increasingly exploited by attackers.
Kaspersky observed more than 4,000 unique malicious files disguised as popular apps in 2025. With the growing popularity of AI services, cybercriminals are increasingly disguising malware as AI tools. The number of cyberthreats mimicking ChatGPT increased by 115% in the first four months of 2025 compared to the same period last year, reaching 177 unique malicious files. DeepSeek accounted for 83 files.
“The likelihood that an attacker will use a tool as a disguise for malware or other types of unwanted software directly depends on the service’s popularity and hype around it. The more publicity and conversation there is around a tool, the more likely a user will come across a fake package on the internet. SMB employees – as well as regular users – should exercise caution when looking for software on the internet or coming across too-good-to-be-true subscription deals”, says Vasily Kolesnikov, security expert at Kaspersky.
Another cybercriminal tactic to look for in 2025 is the growing use of collaboration platform brands to trick users into downloading or launching malware. The number of malicious and unwanted software files disguised as Zoom increased by nearly 13% in 2025, reaching 1,652, while such names as “Microsoft Teams” and “Google Drive” saw increases of 100% and 12%, respectively.
In the analyzed sample, the highest number of files mimicked Zoom, accounting for nearly 41% of all unique files detected. Microsoft Office applications remained frequent targets for impersonation: Outlook and PowerPoint each accounted for 16%, Excel for nearly 12%, while Word and Teams made up 9% and 5%, respectively. The top threats targeting small and medium businesses in 2025 included downloaders, trojans and adware.
Kaspersky also observes a wide range of phishing and scam schemes targeting SMBs. Attackers aim to steal login credentials for various services — from delivery platforms to banking systems — or manipulate victims into sending them money through deceptive tactics. One example is a phishing attempt targeting Google Accounts. Attackers promise potential victims increased sales from advertising their company on X, with the ultimate goal of stealing their credentials.
Beyond phishing, SMBs are flooded with spam emails. Not surprisingly, AI has also made its way into the spam folder — for example, with offers for automating various business processes.
To mitigate threats targeting businesses, their owners and employees are advised to use specialized cybersecurity solutions that provide visibility and control over cloud services (e.g., Kaspersky Next). Define access rules for corporate resources such as email accounts, shared folders, and online documents. Regularly back up important data. Establish clear guidelines for using external services. Create well-defined procedures for implementing new software with the involvement of IT and other responsible managers.