8 min read

Cybercriminals now mimic apps people trust most, including ChatGPT, Microsoft Office, and Google Drive. These fake downloads do not improve productivity but instead install malware quietly. Once inside, attackers can steal data, create hidden entry points, or release even more malicious code.
Security researchers report a sharp increase in these disguised installers, ranking them among the most serious threats for companies today. Businesses must remember that even familiar-looking downloads can conceal dangerous payloads designed to disrupt operations.

Large enterprises still face attacks, but criminals are diversifying. Mid-sized suppliers and service providers are often targeted as stepping-stones into bigger networks. By compromising a smaller partner, hackers can move upstream to larger corporations.
This is why supply-chain security matters for organizations at every tier: a compromised SMB can become a foothold into its larger partners.

One of the stealthiest tricks attackers use is planting backdoors in company systems. These act as hidden keys, allowing criminals to re-enter a network at any time without raising alarms.
According to Kaspersky’s Jan–Apr 2025 SMB analysis, backdoors accounted for 24.32% of detected threats affecting the sampled European small and medium businesses.
Once installed, backdoors give hackers freedom to move deeper into networks, steal data, and prepare for more disruptive attacks in the future.

Trojans are a favorite method for delivering hidden threats. They look like safe programs, but secretly carry harmful code. Once activated, trojans can steal employee passwords, spy on user activity, or quietly download more malware in the background.
They are widespread in Europe, accounting for nearly one in five observed threats. Because trojans rely on disguise, users often unknowingly trigger them, giving attackers an easy way inside business systems. Recognizing and blocking suspicious software is a vital defense.

European businesses saw concentrated detections of fake apps and PUAs in early 2025. Kaspersky’s Jan–Apr 2025 study found nearly 8,500 SMB users encountered attacks where malware or PUAs impersonated common business tools.
The analysis counted 4,043 unique malicious or unwanted files in the 2025 sample. Detection rates varied sharply by country.
Zoom was the most impersonated service in the Jan–Apr 2025 sample (about 40.86% of unique mimicked files), while Outlook and PowerPoint each represented roughly 16%, Excel almost 12%, and Google Drive about 3.26%, illustrating how collaboration and office tools became common lures.

Africa experienced growing detections of malware and unwanted applications in early 2025, according to Kaspersky regional reporting.
The company’s research highlights sizable increases in web and mobile threat activity and calls out several country-level hotspots where fake apps and PUAs were concentrated.
The data show the problem is not limited to developed economies and that attackers are actively exploiting markets across the region.

Kaspersky’s SMB analysis names downloaders and potentially unwanted applications as top vectors used to deliver additional payloads.
PUAs and downloaders often act as intermediaries: they may not be overtly destructive on their own but are commonly used to install more harmful components silently.
Treating PUAs as real security risks is supported by Kaspersky’s data and guidance, which recommend monitoring and blocking these categories as part of an SMB defense plan.

The popularity of AI tools has created a fresh opportunity for scammers. Hackers exploit the hype around apps like ChatGPT by creating fake installers and spreading them through hijacked social media accounts, including Facebook Business pages.
Many victims downloaded these fake versions when the official ChatGPT was only available as a web service. This confusion gave criminals a perfect lure. Once installed, these fake apps carried malware designed to steal information or install further malicious payloads.

Attackers are now using AI-generated deepfakes to trick employees. Fake voices or videos can convincingly mimic executives, leading staff to follow fraudulent instructions. Some criminals use a fake CEO video call to establish trust, then switch to simpler scams such as emails or texts.
Documented incidents show deepfake-enabled fraud can cost firms millions (industry reporting cites individual cases and aggregated losses in the tens or hundreds of millions in early 2025), underscoring that video and voice deepfakes are now an enterprise-level risk.

Hackers are not only using AI but also finding ways to manipulate it. By feeding malicious prompts, they can make AI tools reveal confidential information or behave in unintended ways. This method, known as prompt injection, has been demonstrated in research and real-world cases.
Attackers may even exploit integrations between AI systems and other software, tricking them into running harmful code. These vulnerabilities show that AI must be carefully configured and monitored to prevent misuse.

Small and medium-sized businesses often operate with limited IT resources, making it difficult to detect hidden threats before damage occurs. Their security budgets rarely match the sophistication of the attacks they face, leaving them exposed to enterprise-level threats.
Without enough staff or advanced tools, many SMBs remain easy prey for hackers deploying fake apps and malware. Industry experts stress that even modest improvements in defenses can significantly reduce risks for these vulnerable organizations.

Beyond deepfakes, criminals now use AI to craft convincing personalized messages. Phishing emails can be tailored with employee names, job roles, or even writing styles learned from public posts. This personalization makes fake requests harder to spot and increases success rates.
As AI models grow more powerful, businesses must teach staff to verify unusual requests, no matter how authentic they look. Human judgment is becoming the last line of defense against AI-driven deception.

Technology alone cannot protect businesses; people must also play their part. Many cyberattacks succeed because employees click suspicious links or download fake apps without realizing the risk.
Training workers to recognize phishing attempts, unusual download requests, or strange emails can stop many attacks before they spread. Simple awareness measures, like double-checking a sender’s details, can prevent costly mistakes.
Building a culture of vigilance is one of the most effective, low-cost defenses available to small businesses.

Cybercriminals constantly exploit old software flaws, making outdated programs a major risk. Unpatched vulnerabilities give attackers easy entry into business systems.
Regularly updating operating systems, applications, and security tools is one of the simplest yet most powerful defenses. By patching quickly, companies can shut down known attack paths before criminals have a chance to use them.
Timely updates cost little but provide enormous protection against many of the most common cyber threats today.

Even basic steps can block major threats. Strong, unique passwords combined with multi-factor authentication (MFA) make it much harder for attackers to break into accounts. Studies show that MFA alone can stop the majority of automated account takeover attempts.
For small businesses with limited resources, enforcing secure password policies and enabling MFA is a practical, high-impact defense. These measures dramatically lower the chances of stolen credentials leading to a successful breach.
This layered defense is the clearest example of why your passwords are useless without MFA & 2FA when facing evolving attacks.

Downloading apps from unverified ads or search results is a common way businesses get infected. Hackers set up fake download pages or poisoned links to spread malware disguised as trusted tools.
The safest practice is to install software only from official stores, vendor websites, or through company IT teams. Sticking to authorized sources closes off one of the easiest attack methods, ensuring employees don’t accidentally introduce dangerous programs into company systems.
The push for safer ecosystems is reflected in news that Google is preparing to shut out unverified apps from sideloading, aiming to cut off a major malware channel.
This slideshow was made with AI assistance and human editing.
Dan Mitchell has been in the computer industry for more than 25 years, getting started with computers at age 7 on an Apple II.