Hackers are disguising malware as ChatGPT, Microsoft Office, and Google Drive to dupe workers
Beware of downloading applications like ChatGPT, Microsoft Office applications, and Google Drive through search engines
Small and medium-sized businesses (SMBs) across Europe and North, West, and Central Africa are being targeted by malware masquerading as legitimate tools.
According to Kaspersky, cyber criminals are disguising malware and potentially unwanted applications (PUAs) as trusted tools such as ChatGPT, Microsoft Office applications ,and Google Drive.
Between January and April this year, Austria, Italy, and Germany were among the hardest hit countries in Europe, with the campaign accelerating at pace.
Austria accounted for 40% of all detected cases in which PUAs and malware mimicked legitimate brands, followed by Italy at 25%, Germany at 11%, and Spain (10%). Meanwhile, in Africa, Morocco topped the list, with 41% of all detected PUAs.
The most common threats affecting SMBs in Europe included backdoors (24%), Trojans (17%), and not-a-virus:Downloaders (16%). All of these are designed to infiltrate networks without raising suspicion, Kaspersky noted.
In Africa, not-a-virus: Downloaders dominated (55%), followed by DangerousObjects (14%) and Trojans (13%).
“Small businesses face enterprise-level threats, often with startup-level budgets," said Marc Rivero, lead security researcher at the Global Research and Analysis Team (GreAT) at Kaspersky. “The key is knowing where to focus their limited resources for maximum protection."
Kaspersky said these growing threats highlight the need for more robust employee awareness training. Enabling staff to spot the telltale signs of cyber criminal activity is crucial to preventing disaster.
The company also advised enforcing strong authentication and authorization with strict password policies and multi-factor authentication (MFA), regularly updating software and patching vulnerabilities.
Meanwhile, organizations should carry out regular training sessions, focusing on safe email practices, secure password management, recognizing phishing attempts, and the proper handling of sensitive data.
All software should come from official sources – not via search engines – and be installed centrally by the IT team to prevent hidden threats. Similarly, clear access rules should be set for emails, shared folders, and online services, with user activity monitored and access revoked promptly when employees leave the company.
"The best defense against sophisticated malware isn't the most expensive tool - it's understanding how attackers think and closing the doors they're looking for,” said Rivero.
Make sure to follow ITPro on Google News to keep tabs on all our latest news, analysis, and reviews.
MORE FROM ITPRO
- Warning issued as Pakistan-based malware group hits millions globally
- The best malware removal tools 2025
- What is Malware as a Service and why should businesses take note?
-
NHS supplier DXS International confirms cyber attack – here’s what we know so farNews The NHS supplier says front-line clinical services are unaffected
-
LastPass hit with ICO fine after 2022 data breach exposed 1.6 million users – here’s how the incident unfoldedNews The impact of the LastPass breach was felt by customers as late as December 2024
-
Researchers claim Salt Typhoon masterminds learned their trade at Cisco Network AcademyNews The Salt Typhoon hacker group has targeted telecoms operators and US National Guard networks in recent years
-
Trend Micro issues warning over rise of 'vibe crime' as cyber criminals turn to agentic AI to automate attacksNews Trend Micro is warning of a boom in 'vibe crime' - the use of agentic AI to support fully-automated cyber criminal operations and accelerate attacks.
-
Cyber budget cuts are slowing down, but that doesn't mean there's light on the horizon for security teamsNews A new ISC2 survey indicates that both layoffs and budget cuts are on the decline
-
NCSC issues urgent warning over growing AI prompt injection risks – here’s what you need to knowNews Many organizations see prompt injection as just another version of SQL injection - but this is a mistake
-
Chinese hackers are using ‘stealthy and resilient’ Brickstorm malware to target VMware servers and hide in networks for months at a timeNews Organizations, particularly in the critical infrastructure, government services, and facilities and IT sectors, need to be wary of Brickstorm
-
AWS CISO Amy Herzog thinks AI agents will be a ‘boon’ for cyber professionals — and teams at Amazon are already seeing huge gainsNews AWS CISO Amy Herzog thinks AI agents will be a ‘boon’ for cyber professionals, and the company has already unlocked significant benefits from the technology internally.
