News
AI SHIFT:

Kaspersky Flags AI And Password Risks For Malaysian Firms

Newsroom brief

Kaspersky cited Malaysian AI use, weak passwords and hybrid work as workplace cybersecurity risks after recording higher 2025 spyware and backdoor detections. It did not name victim companies, incident costs or confirmed breaches tied to AI-themed lures.

Verified against source materialEdited by SendTech Times Cybersecurity Desk
Kaspersky Flags AI And Password Risks For Malaysian Firms
Image source: Tech Wire Asia

Malaysian companies are being warned that everyday AI use is now part of the country’s cybersecurity exposure, after Kaspersky cited weak password practices, hybrid work and rising detections of spyware, backdoors and fake AI tools.

The company’s figures make the Malaysia AI cybersecurity risks story more concrete than a general workplace-awareness warning, but they remain vendor telemetry rather than named incident reporting.

Kaspersky Cited AI Use And Weak Passwords In Malaysia

Kaspersky said the risk begins when Malaysian workers reuse personal and professional technology across devices, accounts, applications and online services.

The company linked that behaviour to weak passwords, compromised accounts and risky file sharing.

Kaspersky’s AI-use findings said 87% of Malaysian respondents who had used AI tools used them to search for information.

The company said 63% used AI for work-related tasks, including preparing reports, emails, presentations and other documents.

More than one-third of Malaysian respondents also reported personal uses, including study support, leisure, trip planning and routine tasks.

A separate Kaspersky study said only 57% of Malaysian respondents had enabled two-factor authentication.

Kaspersky said 44% continued to use easy-to-guess passwords or repeated passwords across accounts.

The Malaysian Employers Federation study cited by Kaspersky said more than 70% of companies in Malaysia had adopted hybrid working models.

Spyware And Backdoor Detections Rose In 2025

Kaspersky counted 194,692 blocked spyware attempts against organisations in Malaysia in 2025, which the company described as 75% higher than the previous year.

Kaspersky also said Malaysian businesses had 212,239 backdoor detections in 2025, with that category rising 86% year on year.

The article described spyware as software used to collect sensitive information.

It described backdoors as methods that let attackers maintain unauthorised access to compromised systems.

Those definitions keep the reported increase tied to Kaspersky’s detection categories rather than proving a broader national breach count.

Fake AI Services Accounted For Early-2026 Detections

Kaspersky also described malicious files and unwanted apps that borrowed AI-service branding.

Kaspersky counted more than 92,000 such detections from January through early May 2026, and the company said almost half used fake ChatGPT branding.

Malwarebytes separately said in May 2026 that attackers had copied OpenAI’s desktop-app download page for a fake ChatGPT site serving malware to Windows and macOS machines.

Malwarebytes said the payloads included credential-stealing malware and backdoors.

The FBI warning described redirection systems that route users towards fake sign-in pages, phishing destinations and malicious update downloads.

The US Federal Trade Commission advises users to check links before clicking and to reach official websites directly.

SMB Data Shows ChatGPT, Claude And DeepSeek Lures

Kaspersky said ChatGPT, Claude and DeepSeek were the leading AI-themed brands in its early-2026 global SMB lure data, with shares of 42%, 24% and 20% of detections, respectively.

According to Kaspersky, its products saw more than 1,800 Southeast Asian SMB attacks from January to April 2026 involving unwanted or malicious PC software presented as AI services.

ASEAN data said micro, small and medium-sized enterprises represent 97.2% to 99.9% of all establishments across member states.

Kaspersky did not identify named Malaysian victim companies, disclose incident costs, publish customer-level breach outcomes, or connect the AI-themed detections to confirmed breaches at specific Malaysian businesses.

Share this article
inXf

Related articles

More
Socket Tracks 108 Malicious Packages In PolinRider Supply-Chain Attack
Cybersecurity

Socket Tracks 108 Malicious Packages In PolinRider Supply-Chain Attack

Socket reported 162 malicious release artefacts across 108 packages in the PolinRider supply-chain campaign. The report names Go, Packagist and Chrome extension exposure but does not identify victim companies.

Sysdig Says AI Ransomware Still Needed Human Setup
Cybersecurity

Sysdig Says AI Ransomware Still Needed Human Setup

Sysdig described JadePuffer as agentic ransomware, but Michael Clark said a human still chose the victim, provisioned infrastructure and supplied database credentials before the AI agent executed the attack.

Unit 42 Finds 13,229 Malicious URLs In AI Phantom-Domain Study
Cybersecurity

Unit 42 Finds 13,229 Malicious URLs In AI Phantom-Domain Study

Unit 42 said its phantom-squatting research generated 685,339 prompts across 913 brands and produced 2.1 million unique URLs, including 13,229 malicious URLs and about 250,000 unique phantom domains. The vendor research did not disclose the brand list, affected customer names or named domains tied to data loss.

IBM, Red Hat And Deloitte Put Lightwell On Regulated Open-Source Patch Work
Cybersecurity

IBM, Red Hat And Deloitte Put Lightwell On Regulated Open-Source Patch Work

Deloitte is joining IBM and Red Hat’s Lightwell initiative to map open-source components, validate patches and support regulated software supply chains, backed by IBM and Red Hat’s $5 billion commitment.

AI Coding Push Turns Developers Into a Prime Cybersecurity Target
Cybersecurity

AI Coding Push Turns Developers Into a Prime Cybersecurity Target

A Japanese @IT analysis says attackers are increasingly targeting developers because AI coding tools, OSS, CI/CD pipelines and cloud services concentrate valuable credentials around them. The report highlights vulnerable AI-generated code, fake recruiting approaches, polluted open-source packages and GitHub Actions-style automation attacks. The practical warning is that companies need stronger identity, dependency and workflow controls rather than relying only on individual developer caution.

UAE Cyber Summit Puts AI Risk Inside A National Resilience Plan
Cybersecurity

UAE Cyber Summit Puts AI Risk Inside A National Resilience Plan

The UAE’s 3rd Government Cybersecurity Summit in Abu Dhabi framed cyber defence as a national resilience issue, linking AI-enabled threats, telecom exposure, data compression and regional cooperation.

Keep Reading

More Stories

Latest
AscendEX Shuts Down With User Payouts UnclearFintech & Digital PaymentsJul 9, 2026AscendEX Shuts Down With User Payouts UnclearAscendEX said it ceased operations on July 1 after MiCA authorisation, liquidity and operational pressures, with account access limited to offboarding. The exchange said it could not give assurances on withdrawal timing or amounts, while ZachXBT had flagged nearly empty hot wallets.SpaceXAI Prices Grok 4.5 Below Frontier AI RivalsAIJul 9, 2026SpaceXAI Prices Grok 4.5 Below Frontier AI RivalsSpaceXAI released Grok 4.5 with company pricing of $2 per 1 million input tokens and $6 per 1 million output tokens, below several named frontier AI rivals. The company did not publish independent benchmark validation, customer adoption data or enterprise deployment terms.Meta Faces Backlash Over AI Images From Public Instagram PhotosCapital & PolicyJul 9, 2026Meta Faces Backlash Over AI Images From Public Instagram PhotosMeta is facing criticism after BBC reported that Muse Image can generate AI pictures using public Instagram profile photos for US users. Meta said public-account holders can opt out, while campaigners warned that the setting is separate from normal account privacy controls.Telstra Outage Stops 300 Triple Zero Calls In AustraliaTelco & ConnectivityJul 9, 2026Telstra Outage Stops 300 Triple Zero Calls In AustraliaA Telstra outage in Australia disrupted mobile voice and data services and stopped 300 triple zero emergency calls, according to Light Reading. Telstra said just under 90% of calls and data services had been restored after 12 hours, but the report did not include total affected users, the full systems involved or any new redundancy plan.SpaceX And Orbital File 100,000-Satellite Plans At FCCCloud & Data CentersJul 9, 2026SpaceX And Orbital File 100,000-Satellite Plans At FCCSpaceX and Orbital Compute have filed separate FCC plans for 100,000 satellites each, with SpaceX targeting Starlink Gen 3 broadband and Orbital proposing space-based AI data-centre capacity. The filings do not include approvals, named customers, launch cadence or final commercial timetables.Rapidus Targets 2027 2nm Fab Ramp Without Volume CustomerChips & SemiconductorsJul 9, 2026Rapidus Targets 2027 2nm Fab Ramp Without Volume CustomerRapidus has EUV equipment running at its Chitose fab and plans 2nm mass production in 2027, but Tom's Hardware reported that the Japanese chipmaker still lacks a committed high-volume customer.Sony Wins OCC Conditional Trust Charter For Stablecoin UnitFintech & Digital PaymentsJul 9, 2026Sony Wins OCC Conditional Trust Charter For Stablecoin UnitSony disclosed that the OCC has conditionally approved a U.S. national trust bank for Connectia Trust, a Sony Financial Group subsidiary that would issue and manage dollar-denominated stablecoins. Sony said the unit will be capitalised at $40 million, while trade groups and consumer advocates objected to the charter path.Mastercard Says 77% Of Saudi SMEs Accept Online PaymentsFintech & Digital PaymentsJul 8, 2026Mastercard Says 77% Of Saudi SMEs Accept Online PaymentsMastercard research says 75% of Saudi SME leaders remain confident despite a fall from a 92% benchmark, while 77% accept online payments and the Saudi sample size is not disclosed.Naver And KAI Sign Defence AI MOU Without Weapons-Control TimelineAIJul 8, 2026Naver And KAI Sign Defence AI MOU Without Weapons-Control TimelineNaver, Naver Cloud and KAI signed a defence AI MOU for sovereign models and physical AI combat platforms, but the companies did not disclose budget, deployment timing, test results or weapons-control approvals.Elisa Claims AI Automation Cut Network Incidents By More Than 80%Telco & ConnectivityJul 8, 2026Elisa Claims AI Automation Cut Network Incidents By More Than 80%RCR Wireless News reported that Elisa says AI-powered automation has reduced customer-impacting network incidents by more than 80% and pushed preventive actions to 99%, while the operator still has not deployed Open RAN.AI Times Says Infrastructure Captures 82% Of Generative AI ValueCloud & Data CentersJul 8, 2026AI Times Says Infrastructure Captures 82% Of Generative AI ValueAI Times Korea cited Exponential View data showing 82% of measured AI-economy value going to cloud, GPU and inference infrastructure in Q1 2026, while foundation-model companies accounted for 11% and applications 7%.Klarna Seeks U.S. Industrial Bank Charter As Partner-Bank Model Faces ReviewFintech & Digital PaymentsJul 8, 2026Klarna Seeks U.S. Industrial Bank Charter As Partner-Bank Model Faces ReviewBanking Dive reported that Klarna applied for a U.S. industrial bank charter after the company said it had extended $91.3 billion in credit to U.S. consumers; the application still needs FDIC and Utah approval.