AkiraBot Platform
Cybersecurity researchers have uncovered an AI-driven platform named AkiraBot, which is used to flood website chats, comment sections and contact forms with spam. The tool promotes shady search engine optimization (SEO) services such as Akira and ServicewrapGO, making it a significant nuisance for website owners.
Table of Contents
Widespread Impact: Over 400,000 Websites Targeted
Since September 2024, AkiraBot has been actively spamming websites, affecting at least 80,000 confirmed sites. This Python-based tool leverages OpenAI's capabilities to generate personalized outreach messages tailored to the target website's purpose.
The primary victims include small to medium-sized business websites with chat widgets and contact forms. What sets AkiraBot apart is its ability to bypass spam filters by crafting messages that appear legitimate.
From 'Shopbot' to AkiraBot: Evolution of the Spam Tool
AkiraBot initially emerged under the name 'Shopbot,' seemingly targeting websites that operate on Shopify. However, it has since broadened its reach, now affecting websites built with GoDaddy, Wix, Squarespace, and other platforms using contact forms and live chat widgets like Reamaze.
How AkiraBot Generates Spam Content
At the core of AkiraBot's operation is its integration with OpenAI's API, which it uses to create customized spam messages. The tool processes a predefined template, sending a prompt to OpenAI's chat API to generate content that aligns with the targeted website's context.
Researchers analyzing the source code found that AkiraBot employs the gpt-4o-mini model, programmed to act as a 'helpful assistant that generates marketing messages.'
Bypassing CAPTCHAs and Evading Detection
One of AkiraBot's most advanced features is its ability to bypass CAPTCHA challenges, allowing it to spam websites on a massive scale. It targets hCAPTCHA, reCAPTCHA, and Cloudflare Turnstile, circumventing these security measures with sophisticated traffic-mimicking techniques.
To evade detection, AkiraBot utilizes SmartProxy, which rotates IP addresses to obscure its source. This makes it difficult for security systems to block or trace the bot's activities.
Tracking and Metrics: The Role of Telegram
AkiraBot logs its spam attempts in a submissions.csv file, tracking both successful and failed attempts. Analysis of these logs shows that over 420,000 unique domains have been targeted.
Additionally, success metrics—including CAPTCHA bypass rates and proxy rotation efficiency—are automatically posted to a Telegram channel, allowing operators to monitor performance in real time.
OpenAI’s Response and the Bigger Picture
Following these revelations, OpenAI turned off the API key and other assets associated with the unsafe activity. However, AkiraBot's sophistication highlights a growing cybersecurity concern: AI-powered spam attacks.
The bot's ability to generate convincing, personalized messages while evading detection showcases the evolving threat AI poses to website security. As AI technology continues to advance, defending against automated spam and abuse will become an even more significant challenge for businesses and security professionals alike.
