Cybersecurity researchers have disclosed details of an artificial intelligence (AI) powered platform called AkiraBot that’s used to spam website chats, comment sections, and contact forms to promote dubious search engine optimization (SEO) services such as Akira and ServicewrapGO.
“AkiraBot has targeted more than 400,000 websites and successfully spammed at least 80,000 websites since September 2024,” SentinelOne researchers Alex Delamotte and Jim Walter said in a report shared with The Hacker News. “The bot uses OpenAI to generate custom outreach messages based on the purpose of the website.”
Targets of the activity include contact forms and chat widgets present in small to medium-sized business websites, with the framework sharing spam content generated using OpenAI’s large language models (LLMs). What makes the “sprawling” Python-based tool stand apart is its ability to craft content such that it can bypass spam filters.
It’s believed that the bulk messaging tool has been put to use since at least September 2024, starting off under the name “Shopbot” in what appears to be a reference to websites using Shopify.
Over time, AkiraBot has expanded its targeting footprint to include sites developed using GoDaddy, Wix, and Squarespace, as well as those that have generic contact forms and live chat widgets built using Reamaze.
The crux of the operation – which is to generate the spam content – is facilitated by leveraging the OpenAI API. The tool also offers a graphical user interface (GUI) to choose the list of websites to be targeted and customize how many of them can be targeted in a concurrent fashion.
“AkiraBot creates custom spam messages for targeted websites by processing a template that contains a generic outline of the type of message the bot should send,” the researchers said. “The template is processed by a prompt sent to the OpenAI chat API to generate a customized outreach message based on the contents of the website.”
An analysis of the source code reveals that the OpenAI client uses the gpt-4o-mini model and is assigned the role of a “helpful assistant that generates marketing messages.”
Another notable aspect of the service is that it can get around CAPTCHA barriers to spam websites at scale and evades network-based detections by relying on a proxy service that’s typically offered to advertisers. The targeted CAPTCHA services consist of hCAPTCHA, reCAPTCHA, and Cloudflare Turnstile.
To accomplish this, the bot’s web traffic is designed to mimic a legitimate end user and makes use of different proxy hosts from SmartProxy to obscure the source of the traffic.
AkiraBot is also configured to log its activities in a file named “submissions.csv” that records both successful and failed spam attempts. An examination of these files has revealed that more than 420,000 unique domains have been targeted to date. Furthermore, success metrics related to CAPTCHA bypass and proxy rotation are collected and posted to a Telegram channel via API.
In response to the findings, OpenAI has disabled the API key and other associated assets used by the threat actors.
“The author or authors have invested significant effort in this bot’s ability to bypass commonly used CAPTCHA technologies, which demonstrates that the operators are motivated to violate service provider protections,” the researchers said. “AkiraBot’s use of LLM-generated spam message content demonstrates the emerging challenges that AI poses to defending websites against spam attacks.”
The development coincides with the emergence of a cybercrime tool referred to as Xanthorox AI that’s marketed as an all-in-one chatbot to handle code generation, malware development, vulnerability exploitation, and data analysis. The platform also supports voice-based interaction via real-time voice calls and asynchronous voice messaging.
“Xanthorox AI is powered by five distinct models, each optimized for different operational tasks,” SlashNext said. “These models run entirely on local servers controlled by the seller, rather than being deployed over public cloud infrastructure or through exposed APIs. This local-first approach drastically reduces the chances of detection, shutdown, or traceability.”
