In a recent development, a major spam campaign has been discovered by security researchers, targeting over 400,000 websites with messages promoting suspicious SEO services. This spam framework, named “AkiraBot” by SentinelLabs, utilizes content generated by an OpenAI large language model (LLM) to craft its outreach messages. The campaign specifically aims at SME business websites hosted on popular platforms like Shopify, GoDaddy, Wix, and Squarespace, managing to infiltrate 80,000 sites since September 2024.
The use of LLM-generated content in the spam messages serves a strategic purpose, allowing them to evade spam filters more effectively. Each message generated by the bot is unique, making it challenging for traditional filtering mechanisms to catch them. Moreover, the attackers behind AkiraBot continually switch the domain used in the messages, adding another layer of complexity for spam filters to overcome.
In their investigation, SentinelLabs noted that the bot creator has invested efforts in bypassing CAPTCHA filters and evading network detections. They use proxy services, typically used by advertisers, to conceal their activities. This sophisticated approach to spamming highlights the evolving tactics employed by cybercriminals to circumvent security measures.
The evolution of AkiraBot is evident in its shift from targeting website contact forms to live chat widgets and comments sections. The use of hardcoded OpenAI API keys in various versions of the bot indicates a consistent reliance on AI-generated content for spamming purposes. Additionally, AkiraBot employs CAPTCHA bypass services and multiple proxy hosts to avoid detection, showcasing a high level of sophistication in their operations.
As of January 2025, AkiraBot had successfully spammed 80,000 websites, demonstrating the scale and impact of this campaign. SentinelLabs emphasized the challenges posed by AI-generated spam messages and recommended a more nuanced approach to defending against such attacks. They advised website owners to consider implementing complex interaction-based challenges instead of solely relying on CAPTCHA.
Jim Walter, a senior threat researcher at SentinelLabs, highlighted the need for website owners to adapt their defense strategies to combat evolving spam campaigns like AkiraBot. By incorporating more advanced security measures and deterring tactics, businesses can better protect their online presence from malicious actors. The emergence of AI-driven threats underscores the importance of staying vigilant and proactive in safeguarding digital assets against sophisticated cyber threats.