January to May 2026: Kaspersky detects over 92,000 malware attacks disguised as AI services

ISLAMABAD: A global cybersecurity company on Thursday revealed that the company has detected over 92,000 attacks of malware and potentially unwanted applications disguised as popular Artificial Intelligence (AI) agents and AI services during January to May 2026.

According to a report of the company released on Thursday, the cybercriminals exploited trusted brands to lure victims into downloading malicious files, with fake ChatGPT applications accounting for 49 percent of all detected attacks, while Claude and Gemini each represented 18 percent.

Since the beginning of the year, Kaspersky researchers have identified more than 15,000 samples of malware masquerading as agentic AI software, including fake versions of rapidly growing tools such as OpenClaw. Among these samples were banking trojans, spyware, exploits, and malware downloaders capable of deploying additional malicious payloads.

In May 2026 Kaspersky Global Research and Analysis Team also uncovered a new campaign linked to the Silver Fox advanced persistent threat (APT) group. In this operation, attackers distributed fake Claude AI applications for Windows, macOS, and Linux, targeting users seeking access to AI tools. Once launched, the malicious installers silently deployed malware onto victims’ devices, enabling long-term access to compromised systems and sensitive information.

Kaspersky recommended organisations to protect corporate infrastructure against a wide range of threats by using solutions such as from the Kaspersky Next product line that provide real-time protection, threat visibility, investigation and advanced response capabilities.

Copyright Business Recorder, 2026