ChatGPT can be useful for many tasks, both benign and malicious. Security researchers at SentinelOne have uncovered AkiraBot, an automated spam creation tool which has been ruining the lives of thousands of small and medium-sized businesses since September 2024. As of January, the bot's archive (which has no connection to the Akira ransomware group) contained more than 420,000 targeted sites, 80,000 of which were successfully targeted.
AI Harnessed to Rot the Web
AkiraBot is a bot written in Python that targets contact forms and chat widgets embedded in these companies' websites. The bot uses the API provided by OpenAI to generate messages tailored to the content of each targeted site, making them very difficult to detect. Furthermore, the bot is designed to bypass captchas, including those from Google and Cloudflare, through browser emulation and scripts.
The messages sent by AkiraBot are commercial spam, whose objective is to promote dubious SEO services to rise in Google search results. Furthermore, the SEO platforms promoted by the bot are associated with suspicious reviews on TrustPilot, often very positive and probably generated automatically, which reinforces the hypothesis of a well-organized fraudulent campaign.
“AkiraBot’s use of spam content generated by language models demonstrates the new challenges that artificial intelligence poses for protecting websites against spam attacks,” write the SentinelLabs researchers. Upon being notified, OpenAI closed the fraudulent account and reminded users that “” using our services to spread spam is against our policies. The affected API key has been disabled, and we are continuing our investigation to disable all associated resources.»
Source: SentinelOne
0 Comments