From January to April 2026, Kaspersky security solutions* detected more than 33,300 attacks on small and medium-sized businesses (SMBs), in which malicious or unwanted software for PCs were disguised as popular artificial intelligence (AI) services. This number has surged by almost five times when compared to the same period in 2025.
Ahead of International SMB Day on June 27, a new Kaspersky report reveals threat analysis and mitigation strategies to help SMBs protect themselves against the evolving threat landscape.
Kaspersky experts explored the extent to which threat actors target small and medium-sized businesses with malware disguised as legitimate AI services, considering the growing popularity of such tools for the business workflow. At the beginning of 2026 the most common lures in cyberattacks involved malware posing as ChatGPT (42%), Claude (24%), and DeepSeek (20%).
Share of attacks targeting SMBs in which malware or unwanted software mimic the five popular, legitimate AI apps that Kaspersky’s research focuses on, first four months of 2025 and 2026
Among unique malicious files detected in the SMB sector and masqueraded as AI services, Kaspersky experts observed mainly different Trojware, including those capable of downloading and running other malware on compromised devices. Trojware disguises itself as harmless files to trick users into installing them. Their functionality may vary depending on the type of the malware. It may include stealing, deleting, blocking, modifying or copying users’ data, as well as other malicious capabilities. Given this, Trojware represents a highly dangerous cyberthreat to entrepreneurs and businesses.
However, in 2026 Kaspersky telemetry detected even more attacks on SMBs, in which malicious or unwanted software for PCs were disguised as messenger apps and video conferencing software: Telegram, WhatsApp, Zoom and Microsoft Teams. From January to April Kaspersky solutions blocked almost 415,000 such attacks. The number of attacks changed marginally compared to the previous year’s figures. Thus, Kaspersky experts note that the lure of fake communication apps remains a widespread cyberthreat.
“In the first four months of this year, we detected hundreds of attacks targeting SMBs in which malicious or unwanted software was disguised as OpenClaw. As employees increasingly use AI services and other publicly accessible tools in their daily workflows, cybercriminals are finding new opportunities to exploit that demand. That's why security today has to be about more than simply blocking threats. It should combine robust protection with practical guidance, user awareness and expert support to help organisations make informed decisions and stay resilient. This is where trusted partners, MSPs and security specialists play a vital role, enabling businesses to adopt new technologies safely without adding unnecessary complexity,” says Anna Papla, UK and Ireland Territory Channel Manager at Kaspersky.
Read the full report on the SMB threat landscape here:
To protect your business from cyberthreats:
- Look for solutions that fit your budget, size, and industry requirements, with an emphasis on scalability and ease of integration. For instance, Kaspersky Small Office Security Premium is an easy-to-use solution that protects from advanced threats and also provides access to security awareness training for employees, making it ideal for micro-businesses. Meanwhile, small and medium-sized enterprises with more mature IT expertise should consider Kaspersky Next Optimum, which is designed specifically for growing organizations and offers real-time protection, threat visibility, as well as investigation and response capabilities of EDR and XDR.
- For teams lacking cybersecurity personnel and the bandwidth for 24/7 monitoring, a managed approach can be invaluable. Kaspersky MDR, an expert-led service, provides round-the-clock capabilities for the entire incident management cycle – from threat detection to continuous protection and remediation.
- Establish clear guidelines for using external services and resources.
- Define access rules for corporate resources such as email accounts, shared folders, and online documents.
- Regularly back up important data to ensure the preservation of corporate information in case of emergencies.
* For this research, only anonymized data received from the users of Kaspersky solutions for SMBs were analyzed.
