Cyberattacks disguised as ChatGPT and other AI tools have skyrocketed by 115% in early 2025, posing a major threat to small and medium-sized businesses (SMBs). According to new Kaspersky data, over 8,500 users within SMBs were exposed to malicious or unwanted software camouflaged as popular productivity tools. While long-established bait like Zoom and Microsoft Office remains widespread, cybercriminals are now increasingly leveraging AI platforms such as ChatGPT and DeepSeek to infiltrate systems.
In a recent investigation using 12 well-known apps as a sample, Kaspersky identified over 4,000 unique malicious files mimicking popular software in 2025. Among them, ChatGPT clones accounted for 177 threats—a 115% jump compared to the same period last year—while DeepSeek, a newly launched large language model, was tied to 83 malicious files.
AI Popularity Drives Threat Choices
Kaspersky security expert Vasily Kolesnikov explains:
“Threat actors are highly selective when choosing AI tools to mimic. No malicious activity was detected mimicking tools like Perplexity. Attackers clearly prefer platforms that are trending and have large user bases.”
He warns users and SMBs to exercise extreme caution when encountering enticing software bundles or “too good to be true” offers online, and to double-check links and sender details in emails to avoid phishing.
Collaboration Platforms Become New Frontline
Kaspersky also highlighted a surge in malware disguised as collaboration platforms.
- Zoom impersonations rose 13%, with 1,652 malicious files detected.
- Microsoft Teams saw a 100% increase, with 206 incidents.
- Google Drive threats grew by 12%, totaling 132 files.
These trends reflect the continued expansion of remote work and hybrid teams globally.
Among all impersonated platforms:
- Zoom topped the list with 41% of all malicious files.
- Outlook and PowerPoint each held 16%, Excel 12%, and Word and Teams made up the remainder.
Phishing and Spam Flood SMB Inboxes
Beyond malware, phishing and spam campaigns have intensified. Attackers lure victims through fake promotions, impersonating delivery companies, banks, and even Google login pages. One tactic involves promising businesses better visibility on social platforms like X (formerly Twitter) to trick users into sharing credentials.
AI-generated spam is also on the rise, with automated messages offering services like lead generation, content creation, or SEO to gain trust and access.
Kaspersky’s Defense Recommendations for SMBs:
- Use cybersecurity solutions offering cloud visibility and control (e.g., Kaspersky Next).
- Establish strict access rules for company resources like emails and shared folders.
- Perform regular data backups.
- Define clear protocols for introducing new software into company workflows.
🔒 For deeper insights into the 2025 SMB cyberthreat landscape, visit Securelist by Kaspersky.