A global cybersecurity company has reported a sharp rise in malware attacks disguised as artificial intelligence services, revealing that more than 92,000 cyberattacks involving malicious software and potentially unwanted applications were detected between January and May 2026. According to findings released by Kaspersky, cybercriminals are increasingly exploiting the popularity of trusted artificial intelligence brands to trick users into downloading harmful software disguised as legitimate applications. Researchers warned that as demand for AI powered tools continues to expand globally, attackers are adapting their tactics to capitalize on growing user interest in widely recognized platforms such as ChatGPT, Claude, and Gemini.
The report stated that fake ChatGPT applications represented nearly half of all detected attacks during the period, accounting for 49 percent of malicious activity linked to artificial intelligence themed lures. Claude and Gemini each accounted for 18 percent of identified attacks, reflecting a broader pattern in which threat actors imitate trusted brands to build credibility and improve the success rate of malicious downloads. Security researchers observed that attackers frequently package malware as legitimate AI software to deceive users searching for productivity tools, content generation platforms, and intelligent assistants. Once downloaded, these fake applications may expose users to a wide range of cybersecurity threats, including credential theft, financial fraud, unauthorized access, and long term device compromise. Analysts noted that the growing popularity of AI technologies has unintentionally created new opportunities for cybercriminals to exploit trust in emerging digital tools.
Since the start of 2026, Kaspersky researchers said they have identified more than 15,000 malware samples masquerading as agentic artificial intelligence software, including fake versions of rapidly growing platforms such as OpenClaw. The malicious samples included banking trojans designed to steal financial information, spyware capable of monitoring user activity, exploits targeting software weaknesses, and malware downloaders that can silently deploy additional harmful payloads onto infected systems. Researchers warned that these threats are increasingly sophisticated and often operate silently, making them difficult for ordinary users to identify before damage occurs. In several cases, malicious files were disguised to closely resemble legitimate AI applications, making it easier for threat actors to exploit user trust and encourage installation through deceptive branding and familiar interfaces.
During May 2026, Kaspersky’s Global Research and Analysis Team also uncovered a separate campaign linked to the Silver Fox advanced persistent threat group, which reportedly distributed fake Claude AI applications targeting users across Windows, macOS, and Linux operating systems. According to researchers, the attackers designed fraudulent installers to appear legitimate to users attempting to access artificial intelligence tools. Once executed, the installers silently deployed malware capable of maintaining long term access to compromised systems while enabling attackers to obtain sensitive information stored on infected devices. The findings highlight a growing overlap between artificial intelligence adoption and cybercrime activity, as malicious actors increasingly exploit interest in emerging technologies to expand their operations. Kaspersky advised organizations to strengthen defenses through real time protection, improved threat visibility, investigation capabilities, and advanced response systems to reduce exposure to evolving cyber threats targeting corporate infrastructure and individual users alike.
Follow the SPIN IDG WhatsApp Channel for updates across the Smart Pakistan Insights Network covering all of Pakistan’s technology ecosystem.
