Blog

The AI Trap: Why Malware Disguised as ChatGPT, Claude, and DeepSeek Is Surging Against SMEs

Written by LENET Cybersecurity Team | Jul 17, 2026 3:23:14 PM

The rapid adoption of artificial intelligence tools across businesses of all sizes has created an unexpected vulnerability. Cybercriminals are exploiting the trust that small and medium-sized enterprises place in popular AI platforms, disguising malware as legitimate applications to gain access to business networks.

Kaspersky's 2026 threat analysis for SMBs reveals a concerning trend. From January to April 2026, security solutions detected more than 33,300 attacks on small and medium-sized businesses where malicious or unwanted software for PCs was disguised as popular artificial intelligence services. This represents an increase of nearly five times compared to the same period in 2025.

The Most Common AI Lures

At the beginning of 2026, the most common lures in these cyberattacks involved malware posing as ChatGPT, which accounted for 42% of detected attacks. Claude followed at 24%, and DeepSeek at 20%. Attackers are also already pivoting to newer AI tools. Kaspersky experts detected hundreds of attacks where malicious software was disguised as OpenClaw, an AI tool that has been rapidly gaining popularity throughout 2026.

This pattern demonstrates how cybercriminals follow trends closely. As corporate employees increasingly use various AI services in their workflows, attackers adapt their methods to exploit the most current and trusted names in the space.

How the Malware Works

Among the unique malicious files detected in the SMB sector and masqueraded as AI services, security experts observed mainly different types of Trojware, including variants capable of downloading and running other malware on compromised devices. Trojware disguises itself as harmless files to trick users into installing them. Once installed, the functionality varies depending on the specific malware type. It may include stealing, deleting, blocking, modifying, or copying users' data.

The danger is compounded by the fact that these attacks specifically target SMBs. Smaller businesses often lack robust cybersecurity policies and the necessary resources to protect themselves against an evolving threat landscape. This makes them attractive targets for cybercriminals who can deploy relatively simple social engineering tactics to achieve significant results.

Why SMEs Are at Risk

Several factors make small and medium-sized enterprises particularly vulnerable to this type of attack. Employees in SMBs often wear multiple hats and may not have dedicated IT security training. The pressure to adopt new productivity tools quickly can lead to hasty decisions about downloading and installing software. Additionally, many SMBs lack the enterprise-grade security solutions that would automatically detect and block these threats.

Kaspersky experts note that the lure of fake communication apps remains a widespread cyberthreat, with almost 415,000 attacks involving fake messenger apps and video conferencing software detected from January to April 2026. However, the surge in AI-disguised attacks represents a new and rapidly growing vector that business owners need to understand.

Practical Steps for Protection

Protecting your business from these threats requires a combination of vigilance and the right security measures.

Download from official sources only. This is the single most important step. Employees should always verify that they are downloading AI tools from the official website of the provider. Checking the correct spelling of website URLs and links in suspicious emails is essential.

Deploy robust security solutions. Small businesses need endpoint protection that can detect and block Trojware and other malicious files before they can execute. Solutions tailored for small businesses can deliver robust core protection while also providing accessible security education.

Invest in security awareness training. The reality is that micro-organizations often struggle to allocate time and budget to regularly update their staff on the latest threats and malicious trends. However, even basic training can significantly reduce the risk of employees falling for these lures. Regular reminders about the risks of downloading software from unverified sources can make a meaningful difference.

Stay informed about emerging threats. The threat landscape evolves constantly, with new lures appearing regularly. Business owners and IT managers should stay current on the latest tactics being used by cybercriminals, particularly as new AI tools gain popularity and become targets for impersonation.

 

The Bottom Line

The surge in AI-disguised malware attacks represents a significant and growing threat to small and medium-sized businesses. Attackers are weaponizing trust in widely used AI platforms, and they are following trends closely to maximize their success rates. For SMBs that are already managing limited resources, the combination of employee education, robust security solutions, and cautious software procurement practices offers the best defense against this evolving threat.

As Kaspersky security expert Vasily Kolesnikov notes, corporate employees are increasingly using various AI services and other tools in their workflows. This trend shows no signs of slowing down. The businesses that will successfully navigate this landscape are those that treat security as an ongoing practice rather than a one-time implementation, and that recognize the importance of verifying every software download, no matter how legitimate it appears.