• Fake AI and office apps hit more SMBs in 2025.
• ChatGPT and Zoom used to spread malware.

Thousands of small and medium-sized businesses (SMBs) encountered cyberattacks in 2025 involving fake versions of popular productivity tools, according to new data from Kaspersky. Nearly 8,500 users were affected by malicious or unwanted software posing as legitimate apps — most often Zoom and Microsoft Office. Attackers also began using AI tools like ChatGPT and DeepSeek to trick users into downloading harmful files.

Kaspersky looked at how often threats were disguised as common online tools. Across 12 apps examined, researchers found over 4,000 unique malicious or suspicious files in 2025. A noticeable rise came from files pretending to be AI tools. ChatGPT-related threats jumped 115% in the first four months of the year compared to the same period in 2024. Kaspersky identified 177 files pretending to be ChatGPT and 83 mimicking DeepSeek, a large language model released in 2025.

Kaspersky’s Vasily Kolesnikov said attackers tend to go after tools that are widely talked about. “The more publicity and conversation there is around a tool, the more likely a user will come across a fake package on the internet,” he said. Kolesnikov advised SMB employees and everyday users to double-check URLs and avoid suspicious email links or software offers that seem too generous.

Aside from AI tools, collaboration platforms remain a common disguise for malware. Fake Zoom files rose nearly 13% to 1,652 this year. Threats mimicking Microsoft Teams and Google Drive also climbed — by 100% and 12%, respectively — with 206 and 132 files flagged. These tools have become essential for distributed teams, making them easy targets for impersonation.

Among the apps reviewed, Zoom stood out as the most copied, accounting for 41% of all detected threats. Microsoft Office apps were also high on the list: Outlook and PowerPoint each made up 16%, Excel nearly 12%, while Word and Teams followed at 9% and 5%.

The most common types of threats aimed at SMBs in 2025 were downloaders, trojans, and adware.

Phishing and spam tactics also on the rise

Kaspersky also reported a steady stream of phishing scams and spam aimed at SMBs. Many scams attempt to grab login credentials for services like banking platforms or delivery apps. One example involved a fake Google login page offering to promote a business on X — a scheme built to steal user credentials.

Spam continues to flood inboxes as well. Some messages now claim to offer AI-powered business automation. Others promote email marketing tools, business loans, or services like lead generation and reputation management — all crafted to appeal to small business owners.

According to Kaspersky, attackers are tailoring these phishing and spam campaigns to match what SMBs typically search for online, making them harder to spot at a glance.