Portal ERP
BackSecondary Hero

Malware disguised as AI services hits SMBs five times more in early 2026

Kaspersky detected more than 33,300 attacks on small and medium-sized businesses from January to April 2026 using fake AI tools as lures.

Redação Portal ERP
Jul 01, 2026
T|Fonte:18px
3 min read
Malware disguised as AI services hits SMBs five times more in early 2026

Kaspersky, a cybersecurity company, detected more than 33,300 attacks on small and medium-sized businesses between January and April 2026 in which malicious or unwanted software was disguised as popular AI services. The figure represents a nearly fivefold increase compared to the same period in 2025, according to a new report from the company based on anonymized data from users of its SMB security solutions.

The most common AI services used as lures during the first months of 2026 were ChatGPT, cited in 42 percent of attacks, followed by Claude at 24 percent and DeepSeek at 20 percent. Among the malicious files detected and disguised as AI services, Kaspersky researchers found the majority were Trojware, a category covering Trojans and Trojan-like malware capable of downloading and running additional malicious software on compromised devices. Trojware disguises itself as harmless files to trick users into installing them, and can steal, delete, block, modify or copy user data depending on the specific variant.

Kaspersky's telemetry also found a separate and larger wave of attacks targeting SMBs through fake messaging and video conferencing applications. From January to April 2026, the company blocked nearly 415,000 attacks in which malicious software was disguised as Telegram, WhatsApp, Zoom or Microsoft Teams. That number remained roughly flat compared to the same period the previous year.

Vasily Kolesnikov, a security expert at Kaspersky, described the threat as one that continues to add new lures:

"The threat landscape is evolving with new lures constantly appearing. For example, for the first four months of this year our solutions for small and medium-sized businesses detected hundreds of attacks, in which malicious or unwanted software were disguised as OpenClaw – an AI tool that rapidly gains popularity in 2026. Corporate employees are increasingly using various AI services and other tools in their workflows, including those that are publicly available. Thus, to be on the safe side, SMB employees – as well as all users – should exercise caution when looking for software on the Internet. Always check the correct spelling of the website and links in suspicious emails, and use robust security solutions."

Rodion Pyanov, product manager for Kaspersky Small Office Security, pointed to a structural challenge facing smaller organizations:

"As adversaries constantly refine their methods to exploit human error, the need for up-to-date security awareness training for businesses of all kinds and sizes is undeniable. However, the reality is that micro-organisations often struggle to allocate time and budget to regularly update their staff on the latest threats and malicious trends. We believe this issue can be largely addressed through solutions tailored for small businesses which deliver robust core protection while also providing accessible security education."

The full report on the SMB threat landscape is available on Securelist.com.

Share:

Redação Portal ERP

Editorial Team

Portal ERP's editorial team brings the latest news and analysis on technology and business management.