Cybercriminals most often disguise malware as Zoom and ChatGPT

Kaspersky Lab experts have found that almost half of the malicious files attacking small and medium businesses in Russia imitate the Zoom application. Attackers also actively use fake versions of ChatGPT and other popular services.

Hacking Jul 1, 2025 0 2 Add to Reading List

Cybercriminals most often disguise malware as Zoom and ChatGPT

Kaspersky Lab experts analyzed which legal programs were most often used to disguise malicious files during cyberattacks on small and medium-sized businesses in Russia between January and April 2025.

According to the study, the largest number of malicious files imitated the Zoom application — it accounted for about half of all detected threats. Compared to the same period in 2024, their number increased by 48%. Attackers also actively used images of popular AI services: the number of malicious files disguised as ChatGPT increased by 175%. After the DeepSeek neural network grew in popularity in 2025, its fake versions also appeared. In addition, files posing as Microsoft Office documents (Outlook, PowerPoint, Excel, Word) traditionally remain in demand among attackers.

"The more popular a service is and the more discussion it generates, the higher the likelihood that it will be used to disguise malware or unwanted software."
Vasily Kolesnikov, cybersecurity expert at Kaspersky Lab

The most common malicious files were downloaders (40% of infections), Trojans (25%) and adware (22%).

Kaspersky Lab representatives note that attackers often use popular services to distribute malware, so companies should be careful when installing software and use only proven solutions.