In a significant escalation of cyber threats targeting small and medium-sized businesses (SMBs), attackers are increasingly disguising malicious software and phishing campaigns as trusted business applications such as ChatGPT, Cisco AnyConnect, Google Meet, and Microsoft Teams.
According to recent research by Kaspersky Lab, the sophistication and frequency of these attacks are rising, with cybercriminals leveraging both artificial intelligence and the widespread adoption of collaboration platforms to breach corporate defenses.
The latest data from Kaspersky Security Network reveals that, between January and April 2025, approximately 8,500 SMB users were targeted by cyberattacks involving malware or potentially unwanted software masquerading as popular business tools.
Notably, the number of unique malicious files impersonating ChatGPT surged by 115% compared to the previous year, reflecting a growing trend of attackers exploiting the rapid adoption of AI-powered services.
The emergence of new large language models, such as DeepSeek, has also provided fresh vectors for threat actors, with DeepSeek-themed malware appearing on the threat landscape almost immediately after its release.
Collaboration platforms remain a prime target for cybercriminals. Unique malicious files mimicking Zoom accounted for 41% of all detected threats, a 14 percentage point increase from 2024.
Microsoft Teams and Google Drive also saw significant upticks, with their shares rising by over 3 and 1 percentage points, respectively.
These trends underscore how the normalization of remote work and distributed teams has made such platforms integral, and thus attractive targets for cyberattacks.
Attack Techniques
The primary vectors for these attacks include downloaders, Trojans, and adware. Downloaders, while not inherently malicious, are frequently used to install additional payloads onto victim devices without explicit user consent.
Trojans remain a persistent threat, capable of unauthorized data manipulation, exfiltration, and system disruption.
Adware, often bundled with freeware, is used to display intrusive advertisements or redirect browser traffic, and is sometimes covertly installed by Trojans.
Other notable threats include Trojan-Downloaders, Backdoors, HackTools, and credential-stealing malware (Trojan-PSW).
For example, Kaspersky identified campaigns distributing Trojan-Downloader malware via counterfeit websites posing as legitimate remote access and 3D modeling software providers.
Social Engineering
Beyond technical exploits, cybercriminals are employing sophisticated social engineering tactics.
Phishing schemes frequently imitate login pages for widely used services, luring victims into surrendering credentials or transferring funds.
Recent incidents include phishing attacks targeting Google business accounts under the pretense of advertising offers, as well as fraudulent banking sites promising business loans in exchange for sensitive login details.
Classic scams, such as the so-called “Nigerian” frauds, continue to ensnare SMBs, with perpetrators promising large financial transfers in exchange for upfront payments.
Additionally, SMBs are inundated with spam offering dubious services, such as bulk company databases or reputation management, often tailored to the operational needs of smaller enterprises.
To counter these evolving threats, experts recommend that SMBs invest in comprehensive cybersecurity measures, including advanced endpoint protection, spam filters, and robust authentication protocols.
Regular employee training, strict access controls, and the exclusive use of official channels for software procurement are critical.
Organizations should establish clear cybersecurity guidelines, enforce multi-factor authentication, and routinely back up critical data to ensure resilience against both malware and social engineering attacks.
As cybercriminals continue to innovate, leveraging both AI and the trusted reputations of leading business platforms, SMBs must remain vigilant and proactive in their defense strategies to safeguard sensitive data and maintain operational continuity.