
Kaspersky has reported a sharp increase in malware attacks targeting small and medium-sized businesses (SMBs) through software disguised as popular AI services, based on its latest findings. From January to April 2026, Kaspersky detected more than 33,300 such attacks on SMBs globally, or nearly five times the figure recorded in the same period in 2025.
Kaspersky: AI Becomes The Latest Lure For Malware

Southeast Asia accounted for more than 1,800 of these attacks, representing a rise of almost seven times compared to the same period last year. In this region, the most common AI service impersonated in attacks during early 2026 was ChatGPT (44%), followed by DeepSeek (33%) and Claude (11%).
The malicious files detected were predominantly a class of malware referred as Trojan Horse – malware that disguise themselves as legitimate software and can perform functions including data theft, deletion, modification, or the downloading and execution of additional malware on compromised devices.
Kaspersky also noted the emergence of OpenClaw – a free, open-source AI tool that gained traction in 2026 – as a new lure used in hundreds of detected attacks during the first four months of the year.

Beyond AI service lures, Kaspersky’s telemetry recorded a considerably higher volume of attacks in which malware was disguised as messenger and video conferencing applications. From January to April of 2026, its security software has blocked nearly 415,000 attacks using fake versions of Telegram, WhatsApp, Zoom, and Microsoft Teams, which it says is a figure that remained broadly consistent with the previous year.
SMBs represent more than 90% of businesses in Southeast Asia, making the region a continued target for threat actors. Kaspersky’s report highlights that smaller organizations often face constraints in allocating resources to regular security awareness training, and recommends solutions tailored to SMBs that combine core protection with accessible security education.
Pokdepinion: The hype of AI makes for a great opportunity for threat actors to take advantage of.



