From January to the beginning of May, Kaspersky solutions have detected more than 92 000 global attacks of malware and potentially unwanted applications disguised as popular Artificial Intelligence (AI) agents and AI services.
Cybercriminals exploited trusted brands to lure victims into downloading malicious files, with fake ChatGPT applications accounting for 49% of all detected attacks – while Claude and Gemini each represented 18%.
Since the beginning of the year, Kaspersky researchers have identified more than 15 000 samples of malware masquerading as agentic AI software, including fake versions of rapidly growing tools such as OpenClaw. Among these samples were banking trojans, spyware, exploits, and malware downloaders capable of deploying additional malicious payloads.
In May, Kaspersky Global Research and Analysis Team also uncovered a new campaign linked to the Silver Fox advanced persistent threat (APT) group. In this operation, attackers distributed fake Claude AI applications for Windows, macOS, and Linux targeting users seeking access to AI tools. Once launched, the malicious installers silently deployed malware on to victims’ devices, enabling long-term access to compromised systems and sensitive information.
“The introduction of AI agents into enterprise environments changes the nature of trust itself,” says Dmitry Galov, head of Russia and CIS units at Kaspersky Global Research and Analysis Team. “Every automated action becomes part of a wider chain of systems and data exchanges, which means security is no longer just about protecting endpoints – it is about controlling how intelligence, permissions, and decisions propagate across interconnected AI-driven processes.
“Users should also keep in mind that attackers are actively leveraging popular AI services as a lure to steal victims’ confidential data and funds,” he adds. “Taking into account the evolution of modern threat landscape, reliable security solutions are becoming an essential part of digital life.”