Cutting corners: A sophisticated spam campaign leveraging GenAI’s large language models has targeted tens of thousands of websites, revealing the darker side of LLMs. According to a detailed report by SentinelLabs, the framework behind this operation, dubbed AkiraBot, has successfully bypassed spam detection filters, delivering AI-generated messages to over 80,000 websites in just four months.
AkiraBot is a Python-based framework that exploits website contact forms and live chat widgets, primarily targeting small and medium-sized businesses. Its goal is to promote questionable search engine optimization services under the brands “Akira” and “ServiceWrap.”
Unlike traditional spam tools that rely on repetitive templates, AkiraBot uses OpenAI’s chat API to generate unique messages tailored to each targeted website. It crafts personalized content using site-specific details scraped with BeautifulSoup, making the messages more difficult for spam filters to detect.
The framework’s modular design includes advanced CAPTCHA bypass mechanisms and network evasion techniques. It uses Selenium WebDriver to simulate legitimate browsing behavior, along with scripts like inject.js to manipulate browser attributes such as graphics rendering, installed fonts, and system memory profiles.
These modifications allow AkiraBot to mimic real user behavior, defeating CAPTCHA systems like hCAPTCHA and reCAPTCHA. Additionally, it relies on proxy services like SmartProxy to diversify traffic sources and evade IP-based restrictions.
SentinelLabs uncovered archives dating back to September 2024 that document AkiraBot’s evolution. Initially referred to as “Shopbot,” the framework expanded its targeting from Shopify-based websites to platforms like GoDaddy, Wix, Squarespace, and others commonly used by small businesses.
The bot’s graphical user interface allows operators to monitor success metrics and adjust settings for concurrently targeting multiple websites. Logs obtained by researchers reveal that AkiraBot successfully spammed over 80,000 domains while failing on approximately 11,000 attempts. In total, more than 420,000 unique domains were targeted.
The use of AI-generated content in spam campaigns marks a significant shift in tactics. It highlights the dual-use nature of large language models: while they power innovations in automation and communication, they also provide tools for malicious activity.
OpenAI responded promptly after being alerted by SentinelLabs, disabling the API key associated with AkiraBot and reaffirming its commitment to preventing misuse. “Distributing output from our services for spam is against our policies,” OpenAI stated. “We take misuse seriously and are continually improving our systems to detect abuse.”
Despite this, SentinelLabs warns that AkiraBot’s operators are likely to continue refining their techniques as website hosting providers strengthen defenses. It noted that the campaign’s reliance on CAPTCHA bypassing technologies and proxy rotation demonstrates a high level of sophistication and determination.
