Cybercriminals have found a very efficient disguise: the names people already trust. Since the start of 2026, more than 92,000 attacks have been detected worldwide in which malware was packaged to look like popular AI services, with ChatGPT used as bait in 49% of cases and Claude and Gemini at 18% each.
The scale is not just noisy; it is industrial. Security researchers say they have identified more than 15,000 unique malware samples in these campaigns, including fake versions of newer tools such as OpenClaw. That mix includes banking trojans, spyware, and downloaders built to pull in extra malicious modules later, which is the sort of follow-up invitation nobody wants.
Fake Claude apps target Windows, macOS and Linux
In May, Kaspersky’s Global Research and Analysis Team spotted a campaign aimed at users of Windows, macOS, and Linux. The attackers, linked to the Silver Fox group, spread counterfeit Claude AI apps that installed quietly and gave them long-term access to victims’ data.
That detail matters because it shows how quickly the abuse of AI branding has moved beyond simple phishing pages. The pitch is no longer just ”click here for a free tool”; it is ”install this assistant” – a much more persuasive lie, especially in offices where AI software is becoming part of the daily workflow.
Why AI branding is such a strong lure
Popular AI names now do the work attackers used to do manually with vague promises and typo-ridden pages. A familiar logo lowers suspicion, and the rush to try new AI tools gives malware an unusually friendly disguise. The result is a neat little scam: steal trust first, then steal data or money.
”The introduction of AI agents into corporate environments changes the very nature of trust. Now every automated action becomes part of a complex chain of interconnected systems and data exchange. In these conditions, security is no longer limited to protecting endpoints – the key role is played by controlling the spread of data, privileges, and decisions between interconnected AI-driven processes.”
Дмитрий Галов, Kaspersky GReAT in Russia
His warning is aimed at a real shift in how companies are using software. As AI assistants plug into email, files, and internal systems, the attack surface stops being one laptop or one server and becomes a web of permissions. That is a gift to criminals, because the more systems talk to each other, the more places there are to hide.
What users should watch for
- Unexpected downloads that claim to be AI assistants or ”new” AI tools.
- Installer files that request broad system access before doing anything useful.
- Apps using familiar AI branding but coming from unofficial sources.
The next wave is likely to follow the same formula with whatever model name gets hottest next. For attackers, the product label matters less than the trust attached to it – and that is a problem no patch can fix on its own.