Hackers target SMBs using AI and productivity tool malware

ISLAMABAD: A rising wave of cyberattacks has hit small and medium-sized businesses (SMBs), with nearly 8,500 users falling victim in 2025 alone, according to a new report released by Kaspersky.

The global cybersecurity firm revealed that cybercriminals are increasingly disguising malicious or unwanted software as trusted online productivity tools. These attacks primarily leverage the popularity of platforms like Zoom and Microsoft Office, while also capitalizing on the growing interest in AI-based services, such as ChatGPT and DeepSeek.

Kaspersky’s analysis showed a sharp rise in malware impersonating AI tools. Threats mimicking ChatGPT surged by 115% in just the first four months of 2025 compared to the same period in 2024, amounting to 177 unique malicious files. Meanwhile, DeepSeek, a large language model launched this year, accounted for 83 such files, a notable appearance for a newly introduced tool.

Among the 4,000+ unique malicious and unwanted files identified by Kaspersky in 2025, Zoom stood out as the most exploited brand, accounting for 41% of impersonations. Attacks linked to Zoom rose by 13%, totaling 1,652 files.

Other tools seeing significant spikes included:

• Microsoft Teams: 100% increase with 206 malicious files
• Google Drive: 12% increase, 132 cases

These platforms, now essential for remote work and virtual collaboration, are becoming high-risk zones for unsuspecting users.

Microsoft Office Tools Remain a Constant Target

Kaspersky’s report also revealed widespread misuse of Microsoft Office applications:

• Outlook & PowerPoint, 16% each
• Excel, nearly 12%
• Word, 9%
• Teams, 5%

Top Threats: Downloaders, Trojans, and Adware

The most common malware strains used in these campaigns were downloaders, trojans, and adware. Alongside this, phishing and scam schemes remained persistent threats, targeting SMBs with fake offers and credential theft attempts.

One alarming trend involved phishing campaigns impersonating Google Accounts, where attackers lured users with false promises of boosting company sales via ads on X (formerly Twitter), all in an attempt to steal login credentials.

Kaspersky’s Advice for SMBs

Security expert Vasily Kolesnikov from Kaspersky urges users to stay vigilant:

“Always check the correct spelling of the website and links in suspicious emails. In many cases, these links may turn out to be phishing or a link that downloads malicious or potentially unwanted software.”

Kaspersky has released detailed threat analysis and mitigation strategies to help SMBs identify, prevent, and respond to these escalating digital threats.

As digital tools become more integrated into daily business operations, especially within SMBs, cyber attackers are adapting fast, turning trusted platforms into tools for deception. Staying alert, informed, and using proper cybersecurity protocols is more critical than ever.