Kaspersky Warns SMBs of Growing Cyber Threats Disguised as Productivity and AI Tools

Country: South Africa
Small and medium-sized businesses (SMBs) around the world are increasingly being targeted by cybercriminals using deceptive techniques that disguise malware and unwanted software as legitimate online productivity and AI tools. According to new findings released by Kaspersky in its 2025 threat landscape report, nearly 8,500 SMB users globally encountered such attacks in the first half of the year alone.
Kaspersky’s analysis focused on 12 commonly used online productivity applications and revealed that more than 4,000 unique malicious and unwanted files were discovered mimicking these tools. This alarming trend highlights the sophistication and evolving tactics of cybercriminals who continue to exploit popular platforms, particularly as remote work, cloud-based collaboration, and artificial intelligence (AI) tools become staples of modern business operations.
AI Tools Become the Latest Lure for Malware
The report indicates a sharp rise in the use of AI-based services as bait. Cybercriminals are taking advantage of the hype surrounding generative AI, mimicking services such as ChatGPT and newer entrants like DeepSeek, to trick users into downloading malicious files.
Key findings include:
- A 115% increase in malicious and unwanted files mimicking ChatGPT compared to early 2024, with 177 unique instances recorded in 2025.
- DeepSeek, a large language model launched in 2025, was also impersonated in 83 unique files.
- Interestingly, no files were found mimicking Perplexity, another AI tool, underscoring how cybercriminals focus on tools that dominate media coverage and user interest.
“Threat actors are selective. The more attention a tool gets, the more likely it will be used to disguise malware,” noted Vasily Kolesnikov, a security expert at Kaspersky.
Productivity Tools Still Prime Targets
In addition to AI services, traditional business software remains a major vector for cyberattacks. Among the malicious files analysed, Zoom topped the list, accounting for 41% of all unique threats identified.
Other productivity tools used as disguise included:
- Microsoft Outlook and PowerPoint (16% each)
- Excel (12%)
- Word (9%)
- Microsoft Teams (5%)
- Google Drive (132 malicious files, up 12%)
- Microsoft Teams impersonations doubled (206 files, up 100%)
The continued exploitation of these tools reflects the reality of a hybrid work environment, where digital collaboration platforms are central to business operations, making them fertile ground for deception and exploitation.
Leading Threat Types in 2025
Kaspersky reports that the top threats disguised as legitimate applications include:
- Downloaders – software that silently downloads additional malicious programs
- Trojans – programs that appear benign but steal data or open backdoors for attackers
- Adware – intrusive software that displays or downloads advertising, often bundled with malware
These threats frequently bypass basic security checks, especially when downloaded outside official app stores or from unverified links in emails and social media.
Rise in Phishing and Spam Campaigns Targeting SMBs
The report also highlights the persistent risk of phishing and spam attacks aimed at small businesses. These schemes attempt to steal login credentials for services ranging from banking platforms to delivery systems, or to deceive employees into transferring money or disclosing sensitive data.
One highlighted phishing example involves attackers impersonating Google with a scam promising increased sales via advertising on X (formerly Twitter), ultimately aimed at harvesting Google login credentials.
Kaspersky also notes that AI-themed spam is becoming increasingly common, with messages offering automation of business processes or AI-based marketing services. Other spam themes reflect common SMB pain points, such as:
- Discounted email marketing solutions
- Quick-access business loans
- Content creation services
- Reputation management offers
- Lead generation packages
These schemes exploit the limited IT resources typical of smaller businesses, making them more susceptible to deception.
Recommendations: How SMBs Can Protect Themselves
To defend against these rising threats, Kaspersky advises SMBs to adopt the following best practices:
- Use enterprise-grade cybersecurity solutions
  - Tools like Kaspersky Next offer advanced threat detection, control over cloud services, and network protection.
- Implement strict access controls
  - Clearly define user roles and access permissions for email, shared folders, and cloud documents.
- Back up critical data regularly
  - Ensure that backups are encrypted and stored separately from the primary system.
- Establish software use guidelines
  - Require that all new software be vetted and approved by IT or relevant managers before installation.
- Train employees on phishing and malware detection
  - Regularly educate staff to recognise suspicious links, unsolicited attachments, and fake domain names.
- Monitor AI and new tech platforms
  - Be cautious with new, hyped technologies, and ensure any tool used is downloaded from verified sources.
Final Thoughts
With cyber threats becoming more targeted and adaptive, particularly toward SMBs using popular and emerging technologies, businesses must remain vigilant and proactive. The findings from Kaspersky’s latest report underline the urgent need for cybersecurity awareness, proper software vetting, and robust defensive tools to protect against increasingly convincing threats.
As the digital tools that power productivity and innovation continue to evolve, so too will the tactics of cybercriminals. Staying informed and alert is no longer optional—it’s essential.