A sophisticated Python framework dubbed “AkiraBot” has successfully targeted more than 80,000 websites since September 2024, using advanced techniques to bypass security measures and deliver AI-generated spam.
The framework specifically targets small to medium-sized business websites, focusing on contact forms and chat widgets to promote dubious Search Engine Optimization (SEO) services under brands like “Akira” and “ServiceWrap.”
.webp)
AkiraBot represents a significant evolution in spam technology, utilizing OpenAI’s API to generate customized messages for each targeted website.
.png
)
The bot analyzes website content using BeautifulSoup to extract relevant information, then creates personalized spam messages that mention the website’s specific services or products.
This customization makes the messages appear legitimate and helps them bypass traditional spam filters that look for repeated content patterns.
SentinelOne researchers identified that AkiraBot has targeted more than 400,000 websites and successfully spammed at least 80,000 of them.
The researchers noted the tool’s sophisticated modular design, which employs multiple CAPTCHA bypass mechanisms and network detection evasion techniques rarely seen in typical spam operations.
The framework’s architecture reveals careful planning to maximize reach while minimizing detection.
AkiraBot includes a graphical interface that allows operators to monitor success metrics and customize operational parameters such as thread count for concurrent targeting.
Logs recovered from the tool show thousands of successful submissions across various website platforms, including those built on Shopify, Squarespace, and other content management systems commonly used by small businesses.
At the heart of AkiraBot’s evasion capabilities is its advanced CAPTCHA bypass system. The tool utilizes multiple external services including Capsolver and maintains a “fingerprint server” that modifies how websites load in real-time.
This server manipulates browser attributes to make automated sessions appear like legitimate human users. The following code snippet demonstrates how AkiraBot generates tokens to bypass CAPTCHA protections:-
class TokenGenerator_fastcaptcha:
def __init__(self, target_url, ui_manager=None):
self.ui_manager = ui_manager
self.api_key = "REDACTED"
self.site_key = "REDACTED"
self.target_url = target_url
self.headers = {
'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, Like Gecko) Chrome/131.0.6778.86 Safari/537.36',
'Content-Type': 'application/json',
'Accept': '*/*'
}The framework’s network evasion techniques represent another layer of sophistication. AkiraBot relies on SmartProxy, a service that provides residential, datacenter, and mobile proxies.
This allows the bot to distribute its traffic across numerous IPs, making it difficult for websites to identify and block the spam campaign.
.webp)
The tool automatically rotates proxies when encountering resistance. Additionally, some versions include Telegram integration for real-time monitoring and control of the operation, demonstrating the commercial-grade infrastructure supporting this campaign.
.webp)
OpenAI has responded to SentinelOne’s report by disabling the API keys associated with AkiraBot and investigating related assets.
“We take misuse seriously and are continually improving our systems to detect abuse,” stated an OpenAI representative, highlighting the ongoing challenges posed by AI-powered spam campaigns.
Equip your team with real-time threat analysis With ANY.RUN’s interactive cloud sandbox -> Try 14-day Free Trial
