Kaspersky Flags AI And Password Risks For Malaysian Firms
Kaspersky cited Malaysian AI use, weak passwords and hybrid work as workplace cybersecurity risks after recording higher 2025 spyware and backdoor detections. It did not name victim companies, incident costs or confirmed breaches tied to AI-themed lures.

Malaysian companies are being warned that everyday AI use is now part of the country’s cybersecurity exposure, after Kaspersky cited weak password practices, hybrid work and rising detections of spyware, backdoors and fake AI tools.
The company’s figures make the Malaysia AI cybersecurity risks story more concrete than a general workplace-awareness warning, but they remain vendor telemetry rather than named incident reporting.
Kaspersky Cited AI Use And Weak Passwords In Malaysia
Kaspersky said the risk begins when Malaysian workers reuse personal and professional technology across devices, accounts, applications and online services.
The company linked that behaviour to weak passwords, compromised accounts and risky file sharing.
Kaspersky’s AI-use findings said 87% of Malaysian respondents who had used AI tools used them to search for information.
The company said 63% used AI for work-related tasks, including preparing reports, emails, presentations and other documents.
More than one-third of Malaysian respondents also reported personal uses, including study support, leisure, trip planning and routine tasks.
A separate Kaspersky study said only 57% of Malaysian respondents had enabled two-factor authentication.
Kaspersky said 44% continued to use easy-to-guess passwords or repeated passwords across accounts.
The Malaysian Employers Federation study cited by Kaspersky said more than 70% of companies in Malaysia had adopted hybrid working models.
Spyware And Backdoor Detections Rose In 2025
Kaspersky counted 194,692 blocked spyware attempts against organisations in Malaysia in 2025, which the company described as 75% higher than the previous year.
Kaspersky also said Malaysian businesses had 212,239 backdoor detections in 2025, with that category rising 86% year on year.
The article described spyware as software used to collect sensitive information.
It described backdoors as methods that let attackers maintain unauthorised access to compromised systems.
Those definitions keep the reported increase tied to Kaspersky’s detection categories rather than proving a broader national breach count.
Fake AI Services Accounted For Early-2026 Detections
Kaspersky also described malicious files and unwanted apps that borrowed AI-service branding.
Kaspersky counted more than 92,000 such detections from January through early May 2026, and the company said almost half used fake ChatGPT branding.
Malwarebytes separately said in May 2026 that attackers had copied OpenAI’s desktop-app download page for a fake ChatGPT site serving malware to Windows and macOS machines.
Malwarebytes said the payloads included credential-stealing malware and backdoors.
The FBI warning described redirection systems that route users towards fake sign-in pages, phishing destinations and malicious update downloads.
The US Federal Trade Commission advises users to check links before clicking and to reach official websites directly.
SMB Data Shows ChatGPT, Claude And DeepSeek Lures
Kaspersky said ChatGPT, Claude and DeepSeek were the leading AI-themed brands in its early-2026 global SMB lure data, with shares of 42%, 24% and 20% of detections, respectively.
According to Kaspersky, its products saw more than 1,800 Southeast Asian SMB attacks from January to April 2026 involving unwanted or malicious PC software presented as AI services.
ASEAN data said micro, small and medium-sized enterprises represent 97.2% to 99.9% of all establishments across member states.
Kaspersky did not identify named Malaysian victim companies, disclose incident costs, publish customer-level breach outcomes, or connect the AI-themed detections to confirmed breaches at specific Malaysian businesses.


















