Security researchers at SentinelLabs have uncovered a large-scale, AI-assisted spam campaign that has so far targeted more than 400,000 websites, primarily small and medium-sized business platforms hosted on Shopify, GoDaddy, Wix, and Squarespace.
The malicious framework behind the campaign has been dubbed “AkiraBot,” named after the dubious SEO services it promotes—“Akira” and “ServiceWrap.”
According to the SentinelLabs report, AkiraBot has successfully infiltrated over 80,000 websites since its emergence in September 2024. What sets this bot apart is its use of OpenAI’s large language models (LLMs) to generate dynamic, human-like spam messages that are uniquely crafted each time. This strategy helps the spam content evade traditional filters, making detection and blocking significantly more difficult.
ALSO READ: Call for Cyber Experts: Join FCRF Academy as Trainers and Course Creators
“The use of LLM-generated content likely helps these messages bypass spam filters, as the spam content is different each time a message is generated,” explained researchers. Additionally, AkiraBot rotates between various attacker-controlled domains to further complicate detection efforts.
Beyond exploiting contact forms, the bot now also targets live chat widgets and website comment sections. Notably, AkiraBot employs CAPTCHA bypass services such as Capsolver, FastCaptcha, and NextCaptcha to automate submissions while masking its activities using proxy services commonly used in advertising—but increasingly leveraged by cybercriminals.
Despite these evasive tactics, SentinelLabs was able to trace the bot’s activities through internal logging mechanisms. Investigators discovered that the framework has undergone several iterations since its inception, with each version relying on one of two hardcoded OpenAI API keys to operate.
ALSO READ: Now Open: Pan-India Registration for Fraud Investigators!
Jim Walter, Senior Threat Researcher at SentinelLabs, warned website administrators against depending solely on CAPTCHA for spam prevention. “CAPTCHA alone is no longer effective. Site owners should consider implementing more sophisticated, interaction-heavy security mechanisms to counter advanced automation like AkiraBot,” he advised.
The report concludes that while the LLM-generated spam presents a new frontier of challenges in web security, the clearest indicators to watch for are the rotating domains used to push the Akira and ServiceWrap services. Blocking these known domains may provide a temporary but effective line of defense.