In what we have of 2025, malware attacks against SMEs that simulate come from productivity tools have increased significantly. We talk about the security gaps that camouflage themselves as AI platforms, the case of Chatgpt or the Emerging Deepseek, which have experienced 115% growth, in just the first four months of the year.
This new wave of threats has already affected almost 8,500 users of small and medium enterprises around the world. The hook they use is very simple: attackers are passed through popular applications and offer supposed free versions or accesses of them. The reality is that a arsenal of Trojans designed to steal data or infiltrate corporate networks is hidden behind.
Kaspersky experts have analyzed more than 4,000 malicious or unwanted files that supplanted 12 of the online tools most used by companies. The pattern is repeated: the more noise a tool generates in social media or networks, the greater its attractiveness as a lure for malware.
“The greater the attention and advertising around a tool, the more likely it will be that a user will find a false package on the Internet. Interestingly, cybercriminals are quite selective. For example, we have not detected files that imitate Perplexity, despite being an advanced tool. They always choose the most popular,” explains Vasily Kolesnikov, Kaspersky’s security analyst.
Cybercriminals take advantage of the AI rise to launch increasingly sophisticated attacks. Chatgpt, Zoom or Microsoft Teams are among the baits most used by malware that stalks SMEs
Among the most striking cases is that of the newcomer Depseek, which already accumulates 83 fraudulent files so far this year, and chatgpt, with 177. Both are among the most imitated by the attackers. The reason is clear: the growing curiosity of users to try these tools can make their guard down
Zoom, Teams or Drive: Remote work also has its dark face
But not everything is artificial intelligence. Collaboration platforms remain one of the most effective baits. Zoom heads the ranking as the most supplanted application in 2025, concentrating 41 % of the malicious files detected in the study. Microsoft Teams and Google Drive also experience worrying growth, with 100 % and 12 % increases, respectively.
This tactic works because it attacks the core of modern work. “The normalization of hybrid work has turned these platforms into an essential part of any company,” they remember from Kaspersky. “And that makes them vulnerable: many users do not question a download if it comes under the name of a tool they use daily.”
Phishing, spam and other invisible threats
The panorama is completed with the constant bombardment of fraudulent emails. From Phishing campaigns that simulate being promotions on social networks, to spam messages that promise to automate tasks with AI, SMEs are in the spotlight. In many cases, attackers pretend to be service providers or even financial entities, seeking to steal credentials or force transfers.
“Cybercriminals are adapting their messages to the real needs of companies,” says Kolesnikov. “It is no longer about generic scams: now they offer ‘solutions’ for marketing, loans or lead generation, everything that an SME can be looking for to grow.”
Security tips
To deal with this threat, experts recommend acting in several directions:
- Adopt cybersecurity solutions with the capacity to monitor cloud services (such as Kaspersky Next)
- Control access to corporate tools and restrict the installation of unauthorized software
- Make periodic backups and train employees in good digital practices
- Always verify the origin of the software, avoiding suspicious links or too attractive promotions
