AI Service Impersonation Malware Attacks on India SMBs Jump Over Six Times in 2026: Kaspersky

This number has surged by almost five times when compared to the same period in 2025. Regionally, India alone accounted for more than 600 of these attacks – an increase of more than six times compared to the same period in 2025.
AI Service Impersonation Malware Attacks on India SMBs Jump Over Six Times in 2026: Kaspersky
Published on
4 min read

From January to April 2026, Kaspersky security solutions* detected more than 33,300 attacks on small and medium-sized businesses (SMBs) globally, in which malicious or unwanted software for PCs were disguised as popular artificial intelligence (AI) services. This number has surged by almost five times when compared to the same period in 2025. Regionally, India alone accounted for more than 600 of these attacks – an increase of more than six times compared to the same period in 2025. 

Ahead of International SMB Day on June 27, a new Kaspersky report reveals threat analysis and mitigation strategies to help SMBs protect themselves against the evolving threat landscape. 

Kaspersky experts explored the extent to which threat actors target small and medium-sized businesses with malware disguised as legitimate AI services, considering the growing popularity of such tools for the business workflow. At the beginning of 2026 in India, the most common lures in cyberattacks involved malware posing as ChatGPT (41%), DeepSeek (40%), and Claude (15%).

Among unique malicious files detected in the SMB sector and masqueraded as AI services, Kaspersky experts observed mainly different Trojware, including those capable of downloading and running other malware on compromised devices. Trojware disguises itself as harmless files to trick users into installing them. Their functionality may vary depending on the type of malware. It may include stealing, deleting, blocking, modifying or copying users’ data, as well as other malicious capabilities. Given this, Trojware represents a highly dangerous cyberthreat to entrepreneurs and businesses.

However, in 2026, Kaspersky telemetry detected even more attacks on SMBs, in which malicious or unwanted software for PCs were disguised as messenger apps and video conferencing software: Telegram, WhatsApp, Zoom and Microsoft Teams. From January to April, Kaspersky’s solutions blocked almost 415,000 such attacks. The number of attacks changed marginally compared to the previous year’s figures. Thus, Kaspersky experts note that the lure of fake communication apps remains a widespread cyberthreat.

“The threat landscape is evolving with new lures constantly appearing. For example, for the first four months of this year, our solutions for small and medium-sized businesses detected hundreds of attacks, in which malicious or unwanted software were disguised as OpenClaw – an AI tool that rapidly gains popularity in 2026. Corporate employees are increasingly using various AI services and other tools in their workflows, including those that are publicly available. Thus, to be on the safe side, SMB employees – as well as all users – should exercise caution when looking for software on the internet. Always check the correct spelling of the website and links in suspicious emails, and use robust security solutions”, says Vasily Kolesnikov, security expert at Kaspersky.

“As adversaries constantly refine their methods to exploit human error, the need for up-to-date security awareness training for businesses of all kinds and sizes is undeniable. However, the reality is that micro-organisations often struggle to allocate time and budget to regularly update their staff on the latest threats and malicious trends. We believe this issue can be largely addressed through solutions tailored for small businesses, which deliver robust core protection while also providing accessible security education,” adds Rodion Pyanov, product manager, Kaspersky Small Office Security.

"Cybercriminals increasingly view Indian SMBs as attractive targets, leveraging the rapid adoption of AI tools in business workflows to disguise malware and slip past defenses. In India, where SMBs make up over 99% of enterprises, the scale of this threat is significant. We blocked over 10.6 million internet-borne threats on Indian systems in Q1 2026 alone. The more than six-fold surge in malware disguised as popular AI services is a clear signal that threat actors are keeping pace with technology trends and exploiting the tools businesses rely on most. SMBs in India must treat cybersecurity not as an afterthought but as a business imperative. The good news is that cybersecurity today does not have to be complicated. Effective solutions are designed to protect small businesses without demanding the resources of a large IT department," comments Jaydeep Singh, General Manager, India at Kaspersky.

Read the full report on the SMB threat landscape here.

To protect your business from cyberthreats:

● Look for solutions that fit your budget, size, and industry requirements, with an emphasis on scalability and ease of integration. For instance, Kaspersky Small Office Security Premium is an easy-to-use solution that protects from advanced threats and also provides access to security awareness training for employees, making it ideal for micro-businesses. Meanwhile, small and medium-sized enterprises with more mature IT expertise should consider Kaspersky Next Optimum, which is designed specifically for growing organisations and offers real-time protection, threat visibility, as well as investigation and response capabilities of EDR and XDR.

● For teams lacking cybersecurity personnel and the bandwidth for 24/7 monitoring, a managed approach can be invaluable. Kaspersky MDR, an expert-led service, provides round-the-clock capabilities for the entire incident management cycle – from threat detection to continuous protection and remediation.

● Establish clear guidelines for using external services and resources.

● Define access rules for corporate resources such as email accounts, shared folders, and online documents.

● Regularly back up important data to ensure the preservation of corporate information in case of emergencies.

𝐒𝐭𝐚𝐲 𝐢𝐧𝐟𝐨𝐫𝐦𝐞𝐝 𝐰𝐢𝐭𝐡 𝐨𝐮𝐫 𝐥𝐚𝐭𝐞𝐬𝐭 𝐮𝐩𝐝𝐚𝐭𝐞𝐬 𝐛𝐲 𝐣𝐨𝐢𝐧𝐢𝐧𝐠 𝐭𝐡𝐞 WhatsApp Channel now! 👈📲

𝑭𝒐𝒍𝒍𝒐𝒘 𝑶𝒖𝒓 𝑺𝒐𝒄𝒊𝒂𝒍 𝑴𝒆𝒅𝒊𝒂 𝑷𝒂𝒈𝒆𝐬 👉 FacebookLinkedInTwitterInstagram

logo
DIGITAL TERMINAL
digitalterminal.in