Kaspersky, a leading Russian cybersecurity company, has released research highlighting a sharp rise in cyberattacks targeting small and medium-sized businesses (SMBs) using fake productivity and AI tools as lures. The most notable finding was a 115% increase in cyberthreats that mimic ChatGPT compared to the same period in 2024, with 177 unique malicious and unwanted files detected in the first four months of 2025.
The report revealed that nearly 8,500 SMB users globally were affected by attacks where malware or potentially unwanted applications (PUAs) were disguised as popular online productivity tools. The most commonly impersonated applications included Zoom, Microsoft Office (Outlook, PowerPoint, Excel, Word, Teams), and newer AI-based services like ChatGPT and DeepSeek.
Cybercriminals are exploiting the growing popularity and media attention around AI tools to trick users into downloading malicious software. For example, DeepSeek, a large language model launched in 2025, was also impersonated in 83 unique files. Kaspersky’s analysis focused on 12 commonly used online productivity applications and found more than 4,000 unique malicious and unwanted files mimicking these tools in 2025.
The tactics used by attackers include phishing campaigns and spam, where fake offers or urgent messages prompt users to download what appear to be legitimate productivity or AI applications. Kaspersky warns workers and organizations to be vigilant, verify sources before downloading, and establish clear software adoption procedures to mitigate these risks.
