From January to April 2026, Kaspersky security solutions detected more than 33,300 attacks on small and medium-sized businesses (SMBs), in which malicious or unwanted software for PCs were disguised as popular artificial intelligence (AI) services. This number has surged by almost five times when compared to the same period in 2025.
Ahead of International SMB Day on June 27, a new Kaspersky report reveals threat analysis and mitigation strategies to help SMBs protect themselves against the evolving threat landscape.
Kaspersky experts explored the extent to which threat actors target small and medium-sized businesses with malware disguised as legitimate AI services, considering the growing popularity of such tools for the business workflow. At the beginning of 2026 the most common lures in cyberattacks involved malware posing as ChatGPT (42%), Claude (24%), and DeepSeek (20%).
Share of attacks targeting
SMBs in which malware or unwanted software mimic the five popular, legitimate
AI apps that Kaspersky’s research focuses on, first four months of 2025 and
2026
Among unique malicious files detected in the SMB sector and masqueraded as AI services, Kaspersky experts observed mainly different Trojware, including those capable of downloading and running other malware on compromised devices. Trojware disguises itself as harmless files to trick users into installing them. Their functionality may vary depending on the type of the malware. It may include stealing, deleting, blocking, modifying or copying users’ data, as well as other malicious capabilities. Given this, Trojware represents a highly dangerous cyberthreat to entrepreneurs and businesses.
However, in 2026 Kaspersky telemetry detected even more attacks on SMBs, in which malicious or unwanted software for PCs were disguised as messenger apps and video conferencing software: Telegram, WhatsApp, Zoom and Microsoft Teams. From January to April Kaspersky solutions blocked almost 415,000 such attacks. The number of attacks changed marginally compared to the previous year’s figures. Thus, Kaspersky experts note that the lure of fake communication apps remains a widespread cyberthreat.
“The threat landscape is evolving with new lures constantly appearing. For example, for the first four months of this year our solutions for small and medium-sized businesses detected hundreds of attacks, in which malicious or unwanted software were disguised as OpenClaw – an AI tool that rapidly gains popularityin 2026. Corporate employees are increasingly using various AI services and other tools in their workflows, including those that are publicly available. Thus, to be on the safe side, SMB employees – as well as all users – should exercise caution when looking for software on the internet. Always check the correct spelling of the website and links in suspicious emails, and use robust security solutions”, says Vasily Kolesnikov, security expert at Kaspersky.
“As adversaries constantly refine their methods to exploit human error, the need for up-to-date security awareness training for businesses of all kinds and sizes is undeniable. However, the reality is that micro-organizations often struggle to allocate time and budget to regularly update their staff on the latest threats and malicious trends. We believe this issue can be largely addressed through solutions tailored for small businesses which deliver robust core protection while also providing accessible security education,” adds Rodion Pyanov, product manager, Kaspersky Small Office Security.
Read the full report on the SMB threat landscape on Securelist.
To protect your business from cyberthreats:
- Look for solutions that fit your budget, size, and industry requirements, with an emphasis on scalability and ease of integration. For instance, Kaspersky Small Office Security Premium is an easy-to-use solution that protects from advanced threats and also provides access to security awareness training for employees, making it ideal for micro-businesses. Meanwhile, small and medium-sized enterprises with more mature IT expertise should consider Kaspersky Next Optimum, which is designed specifically for growing organizations and offers real-time protection, threat visibility, as well as investigation and response capabilities of EDR and XDR.
- For teams lacking cybersecurity personnel and the bandwidth for 24/7 monitoring, a managed approach can be invaluable. Kaspersky MDR, an expert-led service, provides round-the-clock capabilities for the entire incident management cycle – from threat detection to continuous protection and remediation.
- Establish clear guidelines for using external services and resources.
- Define access rules for corporate resources such as email accounts, shared folders, and online documents.
- Regularly back up important data to ensure the preservation of corporate information in case of emergencies.
* For this research, only anonymized data received from the users of Kaspersky solutions for SMBs were analyzed.
