Small business security warning - new malware is spoofing tools such as ChatGPT, Microsoft Office and Google Drive, so be on your guard

News
By published

Are you sure you're downloading the right ChatGPT?

Trojan
(Image credit: wk1003mike / Shutterstock)
  • Cybercriminals spoof trusted tools like ChatGPT and Office to target small businesses with malware
  • PUAs and fake apps hitting SMBs hardest
  • Backdoors, Trojans, and downloaders dominate threat types across Europe and Africa

Cybercriminals are constantly abusing the trust small and medium-sized businesses (SMB) have in certain tools to try and smuggle malware onto their IT infrastructure, experts have warned.

A report from Kaspersky has claimed ChatGPT, Microsoft Office apps, and the Google Workspace suite are among the most spoofed products as hackers try and do their worsr.

It found companies are being bombarded with fake applications - in almost a quarter of incidents (24%) across Europe, the cybercriminals tried to deploy a backdoor. Trojans (17%) and downloaders (16%) are also rather popular. In Africa, backdoors dominate with more than half of all recorded incidents (55%), followed by DangerousObjects (highly suspicious files or behaviors that are not yet classified under a specific malware category - 14%), and trojans (13%).

Backdoors, trojans, and more

“Small businesses face enterprise-level threats, often with startup-level budgets,“ says Marc Rivero, Lead Security Researcher at the Global Research and Analysis Team (GreAT) at Kaspersky.

“The key is knowing where to focus their limited resources for maximum protection. The best defense against sophisticated malware isn't the most expensive tool - it's understanding how attackers think and closing the doors they're looking for.”

In Europe, Austria was the most attacked country, taking up 40% of all detected cases in which Potentially Unwanted Applications (PUAS) and other malware were disguised as trusted tools.

Italy (25%), Germany (11%), Spain (10%), and Portugal (6%) rounded up the top five, with notable mentions being France, and the UK. Africa’s Austria in this context is Morocco with 41% of all detected PUAs targeting SMBs. Tunisia (24%), Algeria (16%), and Senegal (7%) were said to also be heavily impacted.

Hackers have always leaned onto passing trends to try and deploy malware. When ChatGPT first emerged, it did not have an app - just an in-browser interface. Cybercriminals saw this as an opportunity to advertise - via stolen Facebook Business accounts - GPT apps for both desktop and mobile, through which they distributed infostealers, backdoors, and various trojans.

You might also like

TOPICS
Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

You must confirm your public display name before commenting

Please logout and then login again, you will then be prompted to enter your display name.