ChatGPT impersonation attacks increased by 115% in 2025

ChatGPT impersonation attacks increased by 115% in 2025

A recent report from Kaspersky Lab revealed that 8,500 small and medium-sized business users were exposed to cyberattacks in 2025.

These attacks featured malware disguised as popular productivity tools and AI services , posing a growing security challenge for these companies.

Kaspersky experts analyzed a sample of 12 applications commonly used by small and medium-sized businesses (SMBs) and detected more than 4,000 malicious and unwanted files disguised as these applications in 2025.

Exploiting the popularity of AI tools in cyber attacks:

Cybercriminals are disguising malware as AI tools , capitalizing on the growing demand for these services. The number of cyberthreats masquerading as ChatGPT increased by 115% during the first four months of 2025, compared to the same period last year, reaching 177 malicious and unwanted files.

Kaspersky also detected 83 malicious files masquerading as the DeepSeek AI model. This is a remarkable number considering that DeepSeek was launched in early 2025, demonstrating the rapid pace at which attackers are exploiting new tools.

These findings highlight the urgent need for SMBs and users to exercise extreme caution when downloading productivity apps, especially those related to artificial intelligence.

Vasily Kolesnikov, a security expert at Kaspersky, confirms that attackers choose a tool as a disguise for malware based on its popularity and the buzz surrounding it. The more popular the tool, the greater the likelihood that a user will find a fake package online.

Targeting collaborative platforms:

In addition to AI tools, cybercriminals are exploiting the brands of collaborative work platforms, which have become essential for businesses, to trick users into downloading or running malware, including:

• Zoom : The number of malware or unwanted files masquerading as Zoom increased by approximately 13% in 2025, reaching 1,652 files.
• Microsoft Teams : saw a 100% increase, with 206 malware files.
• Google Drive : saw a 12% increase, with 132 malware files.

This pattern illustrates the prevalence of remote work and employee teams spread across diverse geographic locations, making these platforms essential to businesses across various sectors and an attractive target for attackers.

Microsoft Office applications are a frequent target for fraud:

Data from the analysis sample indicated that files masquerading as Zoom were 41% more numerous than the total number of unique files detected.

However, Microsoft Office applications remained frequent targets for phishing attacks, with Outlook and PowerPoint each accounting for 16% of attacks, Excel 12%, Word 9%, and Teams 5%.

The most prominent cyber threats facing small and medium-sized enterprises in 2025 included:

• Malicious downloaders: These are programs designed to download and install other malicious software on victims’ systems without their knowledge.
• Trojans: These are programs that disguise themselves as legitimate programs to deceive users. Once launched, they perform malicious actions such as stealing data or opening backdoors for attackers.
• Adware: Software that displays unwanted ads, redirects browsers, and may collect user data for marketing or other malicious purposes.

These types of threats highlight the continued targeting of small and medium-sized businesses by cybercriminals, often exploiting their lack of security awareness or limited resources.

Kaspersky recommendations for small and medium-sized businesses:

To mitigate cyber threats targeting small and medium-sized businesses, business owners and employees should take the following measures:

• Use specialized cybersecurity solutions that provide monitoring and control of cloud services, such as.
• Establish clear rules for controlling access to various company resources, such as email accounts, shared folders, and electronic documents.
• Regularly backup important data, to ensure data recovery in the event of an attack.
• Establish clear guidelines for the use of external services, and establish clear procedures for using new software in partnership with the IT manager and other responsible managers.
• Be careful when searching for programs online, and don’t be fooled by tempting subscription offers that are too good to be true.

Conclusion:

Kaspersky’s report indicates that small and medium-sized businesses face an evolving cyberthreat landscape, with attackers exploiting the popularity of productivity tools and artificial intelligence to deceive users.

This situation requires enhanced security awareness and the implementation of robust protection measures, as well as investment in specialized cybersecurity solutions to ensure business continuity and protect sensitive data.