Cybersecurity researchers revealed details of artificial intelligence (AI) platform (AI) Akirabot This is used to spam chat on the site, sections of comments and contact forms for promote Services of questionable search engine optimization (SEO) such as Akira and ServicewrapGo.
“Akirabot aimed at over 400,000 sites and successfully spoke at least 80,000 sites since September 2024,” – Sentinelone researchers Alex Delomot and Jim Walter – Note In a report that shared with Hacker News. “The bot uses Openai to create user information based on the purpose of the web -us.”
The goals of the activity include contact forms and widgets for chat, which are present on small and medium -sized business sites, with the scope of joint content of spam generated using large Openai (LLM) linguistic models. What makes the “spreading” tool based on Python is its ability to produce content so that it can bypass the spam filters.
It is believed that the volume exchange tool has been used at least from September 2024, starting under the name “Shopbot” in that it seems to be a link to web -car using Shopify.
Over time, Akirabot has expanded its aimed trail to include sites designed using Godaddy, Wix and SquareSpace, as well as those that have common contact forms, and live chat widgets built with Reamaze.
The essence of surgery – which should create spam content – promotes the use of API Openai. The tool also offers a graphic user interface (GUI) to select the web list that needs to be navigated and set up how many of them can be directed simultaneously.
“Akirabot creates custom spam -messages for target web -styas, processing a template that contains a general message type plan that should send a bot,” the researchers said. “The template is handled by a hint directed in the API Openai Chat to create an individual information message based on the content of the site.”
The source code analysis shows that the Openai customer uses the GPT-4O-Mini model and is assigned the role of “a useful assistant that generates marketing messages”.
Another noticeable aspect of the service is that it can bypass the CAPTCHA barriers for spam on scale sites and shy away from network detections, based on the proxy service, which is usually offered by advertisers. The CAPTCHA target services consist of HCAPTCHA, RECAPTCHA and Cloudflare Turnstile.
To achieve this, the Bot web -traffick is designed to imitate the legal final user and uses different proxy -foods with SmartProxy to obscure the traffic source.
Akirabot is also customized to register its activity in a file called “Vision.csv”, which records both successful and unsuccessful spam attempts. Expertise of these files showed that more than 420,000 unique domains have been sent to date. In addition, the success indicators associated with the CAPTCHA and the proxy crop rotation are collected and located on the Cancer Telegram via API.
In response to the conclusions, Openai disabled the API key and other related assets used by the threat subjects.
“The author or authors have invested significant efforts in the ability of this bot to bypass the commonly used CAPTCHA technologies, which shows that operators are motivated to violate service providers,” the researchers said. “The use of Akirabot, the LLM generated, the contents of the spam, demonstrates new problems that AI causes spam attack sites.”
The development coincides with the advent of cybercrime tool called Xanthorox AI, which is sold as chatbot to process code generation, malware development, vulnerability and data analysis. The platform also supports voice interaction through real -time voice calls and asynchronous voice messages.
“Xanthorox AI works on five different models, each of them is optimized for different operational tasks,” Slashnext – Note. “These models are fully operating on local servers controlled by the seller rather than unfolding through a public cloud infrastructure or through open API. This local approach dramatically reduces the chances of detecting, disabling or leaking.”
