AkiraBot is an AI-powered spamming framework that has targeted over 80,000 websites since its inception in September 2024. Initially aimed at Shopify websites, the bot later expanded to platforms like GoDaddy, Wix, and Squarespace. It uses a Python framework to generate custom spam messages for contact forms and chat widgets on websites, with OpenAI’s GPT-4o-mini model powering the content creation. By leveraging large language models (LLMs), AkiraBot ensures that each message appears unique, making it harder to filter out.
The bot’s ability to bypass CAPTCHA services, such as hCAPTCHA and reCAPTCHA, sets it apart from other spamming tools. It uses the Selenium WebDriver to mimic legitimate user behavior, while proxy hosts obscure the source of traffic. Additionally, AkiraBot’s user interface allows operators to select websites to target, set the number of concurrent attacks, and track attack success. This flexibility allows it to scale and evade detection by traditional security measures.
AkiraBot’s impact is significant, with over 420,000 domains targeted in total.
The framework systematically collects attack metrics, including CAPTCHA bypass rates and successful spamming instances, storing them in a log file for review. These metrics are also sent to a Telegram channel via API for real-time updates. While OpenAI has disabled the API key used by the threat actors, the framework’s continued evolution shows the growing threat posed by AI-driven spam and the challenges of defending against it.
This campaign highlights a growing trend where AI is used for malicious purposes, bypassing traditional defenses.
Tools like AkiraBot and others demonstrate how cybercriminals are integrating AI into their attacks, making it more difficult to detect and stop them. The rise of platforms such as Xanthorox AI, which handles code generation, malware development, and data analysis, further underscores the potential dangers AI brings to cybersecurity.
