
Information security researchers have revealed a malicious program named "AkiraBot", which is behind one of the most dangerous AI-driven digital attacks.
This program flooded thousands of websites with fake messages, aiming to deceive their owners into purchasing fake search engine optimization (SEO) services.
According to concurring reports from SentinelOne (an American cybersecurity company) and The Hacker News, AkiraBot's activity began in September 2024. It targeted over 420,000 websites, actually succeeding in flooding at least 80,000 of them with spam messages.
The vast majority of these websites belong to small and medium-sized businesses (SMBs) operating on platforms such as Shopify, Wix, Squarespace, and GoDaddy.
A SentinelOne report detailed how AkiraBot operates.
The report revealed that the program uses OpenAI's API and relies on the GPT-4o-mini model to generate custom messages, which are automatically sent to comment sections, contact forms, and even live chats on the targeted sites.
The messages were tailored in style for different types of websites to evade traditional detection systems.
For example, a construction company's website would receive a different message than one sent to a beauty salon's site.
However, AkiraBot's capabilities weren't limited to content creation. It could also bypass protection systems like CAPTCHA, thanks to its use of intelligent proxy services that mask the browsing source and mimic real user behavior.
The targeted systems included hCaptcha, reCAPTCHA, and Cloudflare Turnstile; bypassing them enabled the bot to execute the attack on a large scale without drawing attention.
Analysis of the code revealed the tool uses a general template paired with custom instructions, which is then fed into the AI model to generate realistic-looking marketing messages.
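Because each message comes from a template plus per-site instructions, an exact-match blocklist sees every submission as new. The added example below (not code from SentinelOne's report or from this article) shows a defender-side contact-form filter that scores features which survive rewording; the term list, threshold, domains and sample messages are constructed assumptions.

```python
import hashlib
import re

# Assumed vocabulary for unsolicited SEO pitches; tune it against your own form traffic.
SEO_TERMS = ("seo", "search engine", "ranking", "rankings", "traffic",
             "backlink", "google", "visibility", "optimization")
URL_HOST = re.compile(r"https?://([a-z0-9.-]+)")
THRESHOLD = 4  # assumed cut-off for holding a submission for review

# Constructed samples: two reworded pitches and one genuine enquiry.
PITCH_BUILDER = ("Hi Ridgeline Builders team, your roofing and remodeling projects "
                 "deserve more visibility. Our SEO service can lift your Google "
                 "ranking. Details: https://seo-pitch.example/plans")
PITCH_SALON = ("Hello Lumen Beauty Studio! Clients looking for balayage should find "
               "you first. We grow salon traffic with search engine optimization. "
               "See https://seo-pitch.example/salons")
ENQUIRY = "Hi, could you send a quote for a bathroom remodel next month?"


def fingerprint(message: str) -> str:
    """Exact-match fingerprint, as a simple hash blocklist would compute it."""
    return hashlib.sha256(" ".join(message.lower().split()).encode()).hexdigest()


def solicitation_score(message: str, site_domain: str, site_name: str) -> int:
    """Score features that survive rewording: topic, outbound link, personalization."""
    text = message.lower()
    hits = {t for t in SEO_TERMS if re.search(rf"\b{re.escape(t)}\b", text)}
    score = min(len(hits), 3)
    hosts = URL_HOST.findall(text)
    if any(h != site_domain and not h.endswith("." + site_domain) for h in hosts):
        score += 2  # link to a host that is not the receiving site
    if site_name.lower() in text:
        score += 1  # pitch names the business it was sent to
    return score


def is_solicitation(message: str, site_domain: str, site_name: str) -> bool:
    return solicitation_score(message, site_domain, site_name) >= THRESHOLD
```

The two pitches produce different fingerprints, so a hash list built from one never matches the other, while both exceed the score threshold and the genuine enquiry does not.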
An internal graphical user interface (GUI) was also observed, allowing the attacker to select the number of target websites and customize message content for each case.
SentinelOne reported that AkiraBot logged all its attempts, both successful and failed, in a file named "submissions.csv". It also sent performance reports directly to a Telegram channel, indicating the meticulous organization behind the attack.
In response, OpenAI disabled the API key associated with AkiraBot and announced it is continuing to investigate the incident.
The company also stated it is working on enhancing its systems to detect this type of abuse.
SentinelOne praised the cooperation of OpenAI's security team and their efforts in countering these types of threats.
Notably, AkiraBot is unrelated to the notorious Akira ransomware group. These attacks also coincide with the emergence of advanced hacking tools like "Xanthorox AI," which is used for developing malware and exploiting security vulnerabilities.
Security experts believe this incident highlights the growing challenges AI tools pose to internet security. This is particularly true as attackers increasingly rely on sophisticated language models to bypass technical safeguards and employ deceptive tactics that are difficult to distinguish from human behavior.