Attackers using fake ChatGPT and Office tools in malware scams

In 2025, attackers used fake versions of apps like Zoom, Microsoft Office, and ChatGPT to target SMBs with malware, according to a report by Kaspersky.

In 2025, cyberattacks on small and medium-sized businesses (SMBs) often involved fake versions of popular online tools. According to a Kaspersky report, nearly 8,500 users encountered malicious or unwanted software that was disguised as common productivity apps. The most impersonated names included Zoom, Microsoft Office, and newer AI tools like ChatGPT and DeepSeek.

Kaspersky looked at how often cybercriminals hid malware in what appeared to be real software. Using a sample of 12 widely used online tools, the company found more than 4,000 unique malicious or unwanted files this year. Many of these were linked to AI apps. Files pretending to be ChatGPT increased by 115% in the first four months of 2025 compared to the same period last year. DeepSeek, a language model that launched earlier this year, was copied in 83 files.

Kaspersky security expert Vasily Kolesnikov said attackers often pick targets based on popularity. "The more publicity and conversation there is around a tool, the more likely a user will come across a fake package on the internet," he said. He also warned users to check for misspelled web addresses and avoid clicking on links in suspicious emails. Fake download links often install malware or unwanted software without users knowing.

Zoom remained a common disguise. Kaspersky found that 1,652 files posed as Zoom this year, a 13% rise from last year. Similar attacks used names like Microsoft Teams and Google Drive, which saw 100% and 12% increases, respectively. In total, 206 files mimicked Teams, while 132 used Google Drive branding.

The increased use of these apps across remote and hybrid workplaces has made them easy targets. As more businesses rely on online collaboration tools, attackers are using them to trick users into downloading harmful files.

Of all the tools reviewed, Zoom topped the list. Nearly 41% of the flagged files were disguised as Zoom. Microsoft Office apps were also widely copied — Outlook and PowerPoint each made up 16% of the samples, Excel nearly 12%, and Word and Teams 9% and 5%, respectively.

The most common threats were downloaders, trojans, and adware. These threats can give attackers control of infected systems or open the door to other malicious software.

Outside of fake software, phishing and spam continue to be major problems for SMBs. Attackers employ fake login pages or email scams to collect account credentials or trick people into sending money. One recent example was a fake offer to advertise a company on X, which directed victims to a phishing page that looked like a Google Account login.

Spam campaigns are also getting more specific. Many now include AI-themed offers, such as tools to automate business tasks. Others promote services like content creation, lead generation, or business loans — all aimed at catching the attention of busy business owners. These messages often look like real offers, making them harder to filter out — especially when they tap into needs that small businesses commonly have.