Cybercriminals are increasingly abusing the popularity of artificial intelligence tools to spread malware, according to new findings from Kaspersky. The cybersecurity firm reported more than 92,000 malware and potentially unwanted application (PUA) attacks disguised as AI services in the first months of 2026, highlighting how AI branding has become a growing vector for digital threats.
The findings, presented at Kaspersky HORIZONS in Rome, underscore how threat actors are leveraging trusted AI platforms like ChatGPT, Claude, and Gemini to trick users into downloading malicious software.
Fake AI tools drive surge in malware distribution
Kaspersky’s data shows that attackers continue to rely heavily on impersonation tactics, with fake AI applications acting as the primary lure for infection. Nearly half of all detected attacks involved counterfeit ChatGPT installers or services.
Breakdown of detected malware disguised as AI tools shows ChatGPT-related fake apps accounting for 49% of attacks, followed by Claude impersonations at 18% and Gemini impersonations at 18%, with other AI services and agents making up the remaining share.
Researchers also identified more than 15,000 malicious samples masquerading as AI software, including banking trojans, spyware, exploit kits, and malware downloaders, highlighting how threat actors are increasingly exploiting the popularity of generative AI platforms for distribution.
Advanced threat groups use AI branding in targeted campaigns
Kaspersky’s Global Research and Analysis Team (GReAT) also uncovered campaigns linked to advanced persistent threat (APT) actors. One notable operation involved the Silver Fox group, which distributed fake Claude AI applications across Windows, macOS, and Linux systems.
Once installed, these fake applications silently deployed malware payloads designed to maintain long-term access to infected devices and steal sensitive data.
The findings suggest that AI-themed malware is no longer limited to consumer scams but is also being used in more sophisticated, targeted cyberattacks.
AI trust becomes a new cybersecurity weak point
Security researchers warn that the rapid adoption of AI tools is reshaping how attackers exploit trust. As users increasingly rely on AI platforms for productivity, cybercriminals are taking advantage of brand familiarity to bypass caution.
Kaspersky notes that attackers are no longer just targeting devices but also the “trust layer” between users and AI systems, making social engineering more effective.
Security risks grow alongside AI adoption
The rise of AI-driven malware reflects a broader trend in cybersecurity where legitimate technology brands are being used as attack vectors. As AI tools become embedded in workflows across industries, the attack surface continues to expand.
Kaspersky advises both users and organizations to tighten security practices, including downloading AI tools only from verified and official sources, avoiding unknown or unofficial AI bots and installers, using updated security solutions to block phishing and malware, and implementing enterprise-level threat intelligence and monitoring tools.
These recommendations underscore how the rapid adoption of AI is being matched by equally fast-evolving cyber threats, requiring stronger user awareness and more proactive security measures across both consumer and enterprise environments.
AI-themed attacks signal evolving cyber threat landscape
The surge in fake AI software attacks highlights how quickly cybercriminal tactics are adapting to emerging technologies. As AI adoption accelerates in both consumer and enterprise environments, cybersecurity experts expect branding-based deception to remain a major attack strategy.
Kaspersky’s findings reinforce a growing reality: in the AI era, trust in digital tools is becoming as important as technical defenses in protecting users from cyber threats.
