Cybersecurity researchers have revealed details about an AI-powered platform called Akirabot, used in Akirabot, comments sections and contact forms, facilitating suspicious search engine optimization (SEO) services such as Akira and ServiceWrapgo.
“Akirabot has targeted more than 400,000 websites since September 2024 and has successfully spamed at least 80,000 websites,” Sentinelone researchers Alex Delamotte and Jim Walter said in a report shared with Hacker News. “Bots use OpenAI to generate custom outreach messages based on the purpose of the website.”
The targets for the activity include contact forms and chat widgets that exist on small to medium business websites, and the framework shares spam content generated using Openai’s leading language model (LLMS). What sets the “sparse” Python-based tool stand apart is the ability to create content so that spam filters can be bypassed.
Bulk messaging tools are believed to be in use since at least September 2024, starting with the name “Shopbot”, which appears to be a reference to a website using Shopify.
Over time, Akirabot has expanded its targeting footprint to include sites developed using GoDaddy, Wix, Squarespace, and sites with general contact forms and live chat widgets built using Reamaze.
The core of the operation, which is generating spam content, is facilitated by leveraging the OpenAI API. The tool also provides a graphical user interface (GUI) to select a list of targeted websites and customize the number that can be targeted at the same time.
“Akirabot creates custom spam messages for the target website by processing templates that contain a general outline of the types of messages the bot should send,” the researchers said. “The template is processed by a prompt sent to the Openai chat API and generates customized outreach messages based on the content of the website.”
Source code analysis revealed that Openai clients use the GPT-4O-MINI model and are assigned the role of “helper assistants to generate marketing messages.”
Another notable aspect of this service is that it can avoid Captcha Barriers on spam websites of scale and avoid network-based detection by relying on proxy services typically provided to advertisers. The targeted Captcha service consists of Hcaptcha, Recaptcha and CloudFlare Turnstile.
To achieve this, BOT’s web traffic is designed to mimic legitimate end users, using various proxy hosts in SmartProxy to obscure the source of traffic.
Akirabot is configured to log activity in a file named “submissions.csv” which records both successful and unsuccessful spam attempts. Examining these files revealed that over 420,000 unique domains have been targeted so far. Additionally, success metrics related to Captcha bypass and proxy rotation are collected and posted to the telegram channel via the API.
In response to the findings, Openai invalidated the API keys and other related assets used by threat actors.
“The author or author has invested a great deal of effort in the bot’s ability to bypass commonly used Captcha technology, demonstrating that operators are motivated to violate service provider protection,” the researcher said. “Akirabot’s use of LLM-generated spam message content exemplifies the new challenges AI poses to protecting websites against spam attacks.”
This development coincides with the emergence of a cybercrime tool called Xanthorox AI, sold as an all-in-one chatbot that handles code generation, malware development, vulnerability exploitation, and data analysis. The platform also supports real-time voice calls and voice-based interactions via asynchronous voice messaging.
“The Xanthorox AI comes in five different models, each optimized for different operational tasks,” Slashnext said. “These models run entirely on local servers controlled by sellers rather than deployed through public cloud infrastructure or exposed APIs. This local-first approach significantly reduces the likelihood of detection, shutdown, or traceability.”
Source link
