A SentinelOne investigation exposes a sophisticated tool that uses language models and evasive techniques to automate spam delivery to hundreds of thousands of websites.
AkiraBot is the name of a malicious framework that is setting a new benchmark in web spam automation. According to SentinelOne, this tool developed in Python has been used to launch massive spam campaigns against more than 400,000 domains since September 2024, managing to insert promotional messages on at least 80,000 sites.
Far from being a rudimentary tool, AkiraBot stands out for its integration with the OpenAI API, allowing it to generate unique messages for each website it targets. By scraping site content, the bot tailors marketing messages with a legitimate appearance to promote supposed SEO services under domains such as useakira[.]com and servicewrap[.]com.
A bot with generative AI and advanced evasion
The use of LLMs (large language models) enables AkiraBot to generate convincing and varied text, effectively evading spam filters that typically block repetitive content. Each message is personalized through a prompt that transforms generic templates into texts adapted to the context of each target site.
Moreover, AkiraBot has been designed to overcome common technical barriers. It employs headless browsers, browser fingerprint manipulation, rotating proxies, and multiple external services to solve CAPTCHAs, such as FastCaptcha and NextCaptcha. It also uses scripts that modify the site’s DOM in real time to simulate human user behavior.
Infrastructure and remote control
The bot is operated from Windows systems, where various scripts and versions of the framework are run. There are even identified functions that allow the operator to manage metrics and results directly from Telegram, through automated bots that report data in real time.
According to SentinelOne, all analyzed scripts share the same proxy credentials and API keys, indicating that a single actor or group is behind the project. Domains linked to previous malvertising campaigns and other fraudulent schemes have also been identified.
Marketing strategy or fraudulent scheme?
Although the spam content promotes SEO positioning services, the automated, massive, and evasive manner in which these messages are disseminated raises serious doubts about the legitimacy of these businesses. Reviews on sites like TrustPilot, with suspicious behavioral patterns, reinforce the hypothesis that at least some of the positive reviews are fake or generated automatically.
A growing challenge in the fight against automated spam
AkiraBot represents a clear example of the new type of emerging threats that combine artificial intelligence and automation to evade traditional web security systems. The difficulty in detecting common patterns in messages and the bot’s ability to quickly adapt to new protection technologies make its mitigation particularly complex.
At OpenAI, responsible for the language model used, it was confirmed that the API key was revoked after the abuse was discovered. “We take the misuse of our services very seriously and are continuously improving our tools to detect these cases,” they stated in their announcement.
AkiraBot is not just a spam bot; it is a reflection of how AI technologies can be exploited by malicious actors to operate at scale, with unprecedented effectiveness and personalization. In light of this new paradigm, platforms, developers, and web security officials must adopt more dynamic and preventive approaches to counter these types of threats.
Source: Security News