Fake AI Tools and SEO Tricks: 8,500 SMBs Targeted in Malware Campaign


12:56, 08.07.2025


Cybersecurity experts have uncovered a wide-scale campaign using SEO poisoning and fake software sites to trick users into downloading malware disguised as popular AI and productivity tools.

Malware Delivered Through Fakes

According to Arctic Wolf, attackers are promoting trojanized versions of legitimate software like PuTTY and WinSCP through fake sites such as puttyy[.]org and updaterputty[.]com. Once downloaded, these tools install a backdoor known as Oyster (also called Broomstick), which maintains persistence through scheduled tasks and malicious DLLs.
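The persistence mechanism described above (a scheduled task that runs a malicious DLL) is something a defender can hunt for in exported task definitions. The following is an added example, not code from Arctic Wolf or the article: it parses Windows Task Scheduler XML and flags any `<Exec>` action where a DLL host binary (rundll32 or regsvr32) is pointed at a DLL under a user-writable directory. The two task definitions are constructed for the example; the task name, DLL path and export name are placeholders, not indicators from the campaign.

```python
import re
import xml.etree.ElementTree as ET

# Namespace used by Windows Task Scheduler XML (as produced by
# `schtasks /query /xml` or stored under C:\Windows\System32\Tasks).
NS = "{http://schemas.microsoft.com/windows/2004/02/mit/task}"

# Host binaries commonly used to execute a DLL export from a scheduled task.
DLL_HOSTS = {"rundll32.exe", "rundll32", "regsvr32.exe", "regsvr32"}

# Directories an unprivileged user can write to.  A DLL executed on a
# schedule from one of these is a common persistence indicator.
USER_WRITABLE = re.compile(
    r"(\\users\\[^\\]+\\appdata\\|\\users\\public\\|\\programdata\\|\\temp\\"
    r"|%appdata%|%localappdata%|%temp%|%public%)",
    re.IGNORECASE,
)


def parse_actions(task_xml: str) -> list:
    """Return (command, arguments) for every <Exec> action in a task definition."""
    root = ET.fromstring(task_xml)
    actions = []
    for exe in root.iter(NS + "Exec"):
        command = (exe.findtext(NS + "Command") or "").strip()
        arguments = (exe.findtext(NS + "Arguments") or "").strip()
        actions.append((command, arguments))
    return actions


def is_suspicious(command: str, arguments: str) -> bool:
    """True when a DLL host binary is pointed at a DLL in a user-writable path."""
    exe = command.strip('"').replace("/", "\\").rsplit("\\", 1)[-1].lower()
    if exe not in DLL_HOSTS:
        return False
    return USER_WRITABLE.search(arguments) is not None


def find_suspicious_tasks(tasks: dict) -> list:
    """tasks maps task name -> XML text; returns names with at least one flagged action."""
    return [
        name
        for name, xml_text in tasks.items()
        if any(is_suspicious(cmd, args) for cmd, args in parse_actions(xml_text))
    ]


# Constructed sample: a normal system task running a signed binary from System32.
BENIGN_TASK = r"""<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
  <Actions><Exec>
    <Command>C:\Windows\System32\wsqmcons.exe</Command>
  </Exec></Actions>
</Task>"""

# Constructed sample: a logon-triggered task loading a DLL from C:\Users\Public
# (placeholder file and export name, not a real Oyster artifact).
SUSPICIOUS_TASK = r"""<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
  <Triggers><LogonTrigger><Enabled>true</Enabled></LogonTrigger></Triggers>
  <Actions><Exec>
    <Command>C:\Windows\System32\rundll32.exe</Command>
    <Arguments>C:\Users\Public\example_placeholder.dll,ExampleExport</Arguments>
  </Exec></Actions>
</Task>"""

SAMPLE_TASKS = {
    r"Microsoft\Windows\Customer Experience Improvement Program\Consolidator": BENIGN_TASK,
    "UpdateHelper": SUSPICIOUS_TASK,
}

if __name__ == "__main__":
    for name in find_suspicious_tasks(SAMPLE_TASKS):
        print("suspicious scheduled task:", name)
```

On a live host the same functions can be fed the XML of every task exported with `schtasks /query /xml`; the path heuristic is deliberately broad, so treat a hit as a lead to inspect the DLL (signature, creation time, parent task) rather than as a verdict.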

Another strand of the campaign leverages AI-related search terms to lure users to phishing pages. These sites serve password-protected ZIP archives that contain large, seemingly legitimate installers. When launched, they install data-stealing malware like Vidar and Lumma, using AutoIt or batch scripts to avoid detection.
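The fake download sites named above (puttyy[.]org, updaterputty[.]com) are lookalikes of well-known product names, and a simple host check catches that class before an installer is ever run. The following is an added example, not code from the article or the vendors it names: it refangs an indicator, compares the host against a small allowlist of official hosts, and otherwise looks for the brand name embedded in, or one edit away from, the first hostname label. The allowlist (`OFFICIAL`) is an assumption you maintain yourself; the two entries and the candidate URLs are constructed for the example.

```python
from urllib.parse import urlsplit

# Allowlist of hosts that legitimately serve each product.  Maintain this
# yourself; the two entries are assumptions for the example, not taken from
# the article.
OFFICIAL = {
    "putty": {"www.chiark.greenend.org.uk"},
    "winscp": {"winscp.net"},
}


def refang(url: str) -> str:
    """Turn a defanged indicator such as puttyy[.]org back into a parseable URL."""
    url = url.replace("[.]", ".").replace("hxxp", "http")
    if "://" not in url:
        url = "https://" + url
    return url


def levenshtein(a: str, b: str) -> int:
    """Edit distance, used to catch one-character typosquats such as 'puttty'."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify(url: str) -> str:
    """Return 'official', 'lookalike:<brand>' or 'unknown' for the host in url."""
    host = (urlsplit(refang(url)).hostname or "").lower().rstrip(".")
    # Exact allowlisted host, or a subdomain of one, is official.
    for hosts in OFFICIAL.values():
        if host in hosts or any(host.endswith("." + h) for h in hosts):
            return "official"
    # Otherwise look at the first label (minus a leading www.) for the brand.
    core = host[4:] if host.startswith("www.") else host
    compact = core.split(".")[0].replace("-", "")
    for brand in OFFICIAL:
        if brand in compact or levenshtein(compact, brand) <= 1:
            return "lookalike:" + brand
    return "unknown"


def triage(urls) -> dict:
    """Classify each URL; useful over a proxy log or a list of reported indicators."""
    return {u: classify(u) for u in urls}


if __name__ == "__main__":
    # Constructed inputs: the two defanged hosts from the article plus controls.
    for url, verdict in triage([
        "puttyy[.]org",
        "updaterputty[.]com",
        "https://winscp.net/eng/download.php",
        "https://www.chiark.greenend.org.uk/~sgtatham/putty/",
        "https://example.com/putty.exe",
    ]).items():
        print(f"{verdict:18} {url}")
```

A "lookalike" verdict is an indicator, not proof: legitimate mirrors and package repositories will trip it too, which is why the allowlist, not the heuristic, should drive any blocking decision.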

Hijacking Tech Support Queries

Malicious actors are also hijacking tech support queries for brands like Apple and Netflix. Using search parameter injection, scammers alter official brand support pages to show fake phone numbers, deceiving users into calling threat actors directly.
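When a support page reflects a search parameter into its own content, the operator of that page can see the abuse in their access logs: the injected term carries a phone number where a genuine query would not. The following is an added example, not code from the article or from any of the brands it mentions: it parses combined-format web server log lines, extracts the query parameters a support site typically reflects, and reports requests whose search term contains a phone-number-like string, noting whether "call"-style wording and a search-engine referer accompany it. The log lines are constructed (RFC 5737 addresses and a 555 number), and the parameter names in `SEARCH_PARAMS` are an assumption about the site.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Combined log format: client, identity, user, [timestamp], "request", status, size, "referer".
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+(?: "(?P<referer>[^"]*)")?'
)

# Query parameters a support site typically reflects into the rendered page
# (assumption for the example; adjust to the site's real parameter names).
SEARCH_PARAMS = {"q", "query", "search", "s", "keyword", "term"}

# A phone-number-looking run of digits and separators, and the wording that
# usually accompanies one in an injected term.
PHONE_RE = re.compile(r"\+?\d[\d\s().-]{7,}\d")
LURE_RE = re.compile(r"\b(call|phone|helpline|toll[\s-]?free|support number)\b", re.IGNORECASE)


def flag_line(line: str):
    """Return a finding dict when a reflected search term carries a phone number, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    query = urlsplit(m.group("target")).query
    for name, values in parse_qs(query).items():
        if name.lower() not in SEARCH_PARAMS:
            continue
        for value in values:
            if PHONE_RE.search(value):
                return {
                    "ip": m.group("ip"),
                    "param": name,
                    "value": value,
                    "lure_wording": LURE_RE.search(value) is not None,
                    "referer": m.group("referer") or "-",
                }
    return None


def scan(lines) -> list:
    """Run flag_line over every log line and keep the findings."""
    return [f for f in map(flag_line, lines) if f is not None]


# Constructed sample log: one ordinary search, one injected term, one article view.
LOG_LINES = [
    '203.0.113.10 - - [08/Jul/2025:12:56:01 +0000] "GET /support/search?q=reset+password HTTP/1.1" 200 5120 "https://www.google.com/"',
    '203.0.113.11 - - [08/Jul/2025:12:56:07 +0000] "GET /support/search?q=Call+Support+Now+%2B1-800-555-0199 HTTP/1.1" 200 5188 "https://www.google.com/"',
    '198.51.100.7 - - [08/Jul/2025:12:57:30 +0000] "GET /support/article/1234 HTTP/1.1" 200 7730 "-"',
]

if __name__ == "__main__":
    for finding in scan(LOG_LINES):
        print(finding)
```

Beyond detection, the durable fix on the site side is to stop echoing arbitrary parameter text into prominent page elements (headings, titles, result banners) and to cap the length of what is reflected; the scan above tells you how often the page is being used as a lure in the meantime.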

macOS Is Also Targeted

Malware targeting macOS systems has been detected using similar tactics. Researchers identified Poseidon Stealer and PayDay Loader; the latter uses Google Calendar events and obfuscated JavaScript to deploy payloads such as Lumma Stealer on Windows, and Node.js modules to extract crypto wallets.

8,500 SMB Users Tricked in Just Four Months

Kaspersky reports that between January and April 2025, over 8,500 SMB users were targeted. Malware disguised as Zoom, Outlook, ChatGPT, and Microsoft Office tools was widely distributed. Zoom-related files made up 41% of malicious variants, with ChatGPT impersonations surging by 115%.

Stay Safe: Use Official Sources Only

Security researchers urge users to download tools only from official vendor websites and avoid clicking on sponsored ads in search results—especially when looking for AI or collaboration software.
