The cybersecurity landscape for small and medium-sized enterprises (SMEs) has become increasingly treacherous, with a dramatic 115% surge in cyberattacks originating from counterfeit productivity tools and artificial intelligence (AI) platforms in the first four months of 2025. This alarming trend, identified by Kaspersky, a global cybersecurity firm, highlights the evolving tactics of cybercriminals who exploit the widespread adoption of these tools to infiltrate unsuspecting businesses. The report reveals that nearly 8,500 SME users globally fell victim to these attacks, which involved malicious or unwanted software masquerading as legitimate applications. This underscores the critical need for heightened vigilance and proactive security measures within the SME sector.
The allure of popular online productivity tools and the burgeoning interest in AI services have provided fertile ground for these malicious campaigns. Cybercriminals have leveraged well-known platforms like Zoom and Microsoft Office, alongside emerging AI tools such as ChatGPT and DeepSeek, to deceive users. Kaspersky’s analysis of 12 commonly used online productivity apps uncovered over 4,000 unique instances of malicious and unwanted files disguised as these legitimate applications. This tactic preys on the trust users place in these tools, often leading them to unwittingly download and execute malware. The rapid rise in popularity of AI services has further amplified this risk, as attackers increasingly capitalize on the hype surrounding these technologies.
The meteoric rise of ChatGPT, in particular, has made it a prime target for impersonation. Kaspersky’s report indicates a staggering 115% increase in cyberthreats mimicking ChatGPT in the first four months of 2025 compared to the same period in the preceding year. This resulted in the detection of 177 unique malicious and unwanted files disguised as the popular AI chatbot. DeepSeek, another emerging AI tool, has also attracted the attention of cybercriminals, with 83 malicious files attributed to its impersonation. This rapid exploitation of new technologies highlights the agility of cybercriminals in adapting their tactics to leverage trending platforms and exploit user interest.
The choice of AI tools targeted by cybercriminals is not random. The popularity and hype surrounding a particular tool directly correlate with its likelihood of being impersonated. As Vasily Kolesnikov, a security expert at Kaspersky, explains, the more publicity a tool receives, the higher the chances of users encountering fake versions online. This targeted approach demonstrates the strategic nature of these attacks, focusing on platforms with the widest reach and greatest potential for successful infiltration. This underscores the need for user education and awareness, emphasizing the importance of verifying the legitimacy of software downloads and avoiding enticing but potentially dangerous offers.
The specific breakdown of Kaspersky’s findings further illustrates the pervasiveness of these threats. The number of malicious files imitating Zoom increased by nearly 13% in 2025, reaching 1,652. Microsoft Teams and Google Drive also witnessed significant increases, with 100% and 12% rises, respectively, resulting in 206 and 132 detected instances. Zoom accounted for the largest share of impersonated applications, comprising nearly 41% of all unique malicious files detected. Microsoft Office applications remained a consistent target, with Outlook and PowerPoint each accounting for 16%, Excel for nearly 12%, and Word and Teams for 9% and 5%, respectively. This widespread targeting of popular productivity tools underscores the broad reach of these attacks and the need for comprehensive security measures across various platforms.
In conclusion, the surge in cyberattacks targeting SMEs through fake productivity and AI tools highlights the increasing sophistication and adaptability of cybercriminals. The exploitation of popular platforms and the rapid adoption of new technologies like ChatGPT and DeepSeek necessitate a proactive approach to cybersecurity. SMEs must prioritize user education, emphasizing the importance of verifying software sources and exercising caution when encountering enticing offers. Regular security updates, robust antivirus software, and employee training are crucial in mitigating these risks and safeguarding businesses from the escalating threat landscape. The evolving nature of cyberattacks requires constant vigilance and adaptation to stay ahead of these malicious actors and protect valuable data and resources.
