Nearly 8,500 small and medium businesses faced cyberattacks through mimic AI tools in 2025: Kaspersky

Published July 3, 2025 Updated July 3, 2025 08:04pm
A message reading “AI artificial intelligence”, a keyboard, and robot hands are seen in this illustration taken January 27, 2025. — Reuters /Dado Ruvic/Illustration

Global cybersecurity company Kaspersky said on Wednesday that nearly 8,500 users from small and medium-sized businesses (SMBs) have faced cyberattacks so far this year in which “malicious or unwanted software” was disguised as popular online productivity tools.

In April, Kaspersky — a cybersecurity company that provides antivirus and other security software for computers and mobile devices — said that widespread adoption of artificial intelligence (AI) and machine learning technologies in recent years has provided “threat actors with sophisticated new tools to perpetrate attacks”.

In a press release issued today, Kaspersky said that based on the “unique malicious and unwanted files” observed, the most common lures for the cyberattacks included Zoom and Microsoft Office, with newer AI-based services such as ChatGPT and DeepSeek being increasingly exploited by attackers.

It said its analysts explored how frequently malicious and unwanted software was disguised as legitimate applications commonly used by SMBs, using a sample of 12 online productivity apps.

“In total, Kaspersky observed more than 4,000 unique malicious and unwanted files disguised as popular apps in 2025. With the growing popularity of AI services, cybercriminals are increasingly disguising malware as AI tools.

“The number of cyberthreats mimicking ChatGPT increased by 115 per cent in the first four months of 2025 compared to the same period last year, reaching 177 unique malicious and unwanted files. Another popular AI tool, DeepSeek, accounted for 83 files. This large language model launched in 2025 immediately appeared on the list of impersonated tools.”

Vasily Kolesnikov, security expert at Kaspersky, noted that threat actors were rather selective in choosing an AI tool as bait.

“The likelihood that an attacker will use a tool as a disguise for malware or other types of unwanted software directly depends on the service’s popularity and hype around it.”

He added that the more publicity and conversation there was around a tool, the more likely a user would come across a fake package on the internet.

Kolesnikov warned SMB employees to exercise caution when looking for software on the internet or when they encountered “too-good-to-be-true” subscription deals, advising them to check the correct spellings of the websites and links in suspicious emails.

“In many cases, these links may turn out to be phishing or a link that downloads malicious or potentially unwanted software,” he added.

The firm also warned about the growing use of collaboration platform brands to trick users into downloading or launching malware.

“The number of malicious and unwanted software files disguised as Zoom increased by nearly 13pc in 2025, reaching 1,652, while such names as ‘Microsoft Teams’ and ‘Google Drive’ saw increases of 100pc and 12pc, respectively, with 206 and 132 cases,” it said, noting that the pattern likely reflected the normalisation of remote work and geographically distributed teams, which has made these platforms integral to business operations across industries.

The firm said that among the analysed sample, the highest number of files mimicked Zoom, accounting for nearly 41pc of all unique files detected. Of Microsoft Office applications being mimicked, Outlook and PowerPoint each accounted for 16pc, Excel for nearly 12pc, while Word and Teams made up 9pc and 5pc, respectively.

It added that downloaders, trojans and adware were among the top threats targeting SMBs in 2025.

“Apart from malware threats, Kaspersky continues to observe a wide range of phishing and scam schemes targeting SMBs. Attackers aim to steal login credentials for various services — from delivery platforms to banking systems — or manipulate victims into sending them money through deceptive tactics. One example is a phishing attempt targeting Google Accounts. Attackers promise potential victims to increase sales by advertising their company on X, with the ultimate goal of stealing their credentials.

“Beyond phishing, SMBs are flooded with spam emails. Not surprisingly, AI has also made its way into the spam folder — for example, with offers for automating various business processes.”

The firm concluded by advising owners and employees of SMBs to use specialised cybersecurity solutions to mitigate threats, define access rules for corporate resources such as shared folders and documents, and back up important data regularly.

It also recommended establishing clear guidelines for using external services and creating well-defined procedures to implement new software.
