ISLAMABAD: Cyberattacks targeting small and medium-sized businesses through fake AI services increased sharply in the first four months of 2026, according to a new report by Kaspersky.
The cybersecurity company said its security solutions detected more than 33,300 attacks from January to April 2026 in which malicious or unwanted PC software was disguised as popular artificial intelligence tools. The figure was almost five times higher than the number recorded during the same period in 2025.
Kaspersky said the rise reflects how cybercriminals are adapting to workplace technology trends, as employees at small and medium-sized businesses increasingly rely on publicly available AI tools for daily tasks.
At the beginning of 2026, the most common AI-related lures involved malware posing as ChatGPT, which accounted for 42 percent of detected attacks. Claude was used in 24 percent of cases, while DeepSeek accounted for 20 percent.
The company said many of the malicious files detected in the SMB sector were classified as Trojware, including Trojans and Trojan-like malware. Such files are designed to appear harmless so users install them without realizing they may compromise their devices.
Once installed, Trojware can perform a range of harmful actions depending on the malware type. These may include stealing, deleting, blocking, modifying or copying user data, as well as downloading and running additional malware.
Fake messaging and video apps also used in attacks
Kaspersky said attacks disguised as AI services were part of a broader pattern of cybercriminals using familiar workplace tools as bait.
From January to April 2026, Kaspersky solutions blocked nearly 415,000 attacks on SMBs in which malicious or unwanted PC software was disguised as messenger apps and video conferencing platforms, including Telegram, WhatsApp, Zoom and Microsoft Teams.
The company said the number of attacks involving these communication tools changed only marginally compared with the same period last year.
Vasily Kolesnikov, security expert at Kaspersky, said the threat landscape continues to evolve as attackers use new lures to exploit business users.
“Corporate employees are increasingly using various AI services and other tools in their workflows, including those that are publicly available,” Kolesnikov said, advising users to check website spellings, inspect links in suspicious emails and rely on robust security protection.
Rodion Pyanov, product manager at Kaspersky Small Office Security, said businesses of all sizes need up-to-date security awareness training as attackers continue to exploit human error.
He said micro-organizations often struggle to allocate time and budget for regular cybersecurity training, making security tools with accessible employee education important for smaller firms.
Kaspersky said SMBs should choose cybersecurity solutions according to their budget, size and industry needs, with attention to scalability and ease of integration. It also said businesses without dedicated cybersecurity teams may consider managed security services for continuous monitoring, threat detection and response.
The full report on the SMB threat landscape is available on Securelist.com.

