Introduction
Security researchers have uncovered a significant spam campaign known as “AkiraBot,” which utilizes an AI-powered Python framework to automate the mass distribution of messages promoting fraudulent search engine optimization (SEO) services. These services are marketed under the brand names “Akira” and “ServiceWrap.” The campaign targets small to medium-sized businesses (SMBs) by falsely promising enhanced search engine visibility.
Description
AkiraBot is an AI-powered Python framework designed to automate the mass sending of messages that promote fraudulent SEO services under the brand names “Akira” and “ServiceWrap.” The scam, which costs around $30 per month [8], falsely claims to enhance search engine visibility for SMBs. First observed in September 2024 [4], AkiraBot has targeted over 420,000 unique domains [1], successfully spamming at least 80,000 websites [1] [3] [10]. This sophisticated spamming tool primarily focuses on websites hosted on popular platforms like Shopify, GoDaddy [4] [5] [6] [7] [10], Wix [4] [5] [6] [7] [8] [10], and Squarespace [4] [5] [6] [7] [8] [10], which are often chosen for their user-friendliness [6]. Log files indicate that over 80,000 unique messages were delivered during a four-month campaign, while attempts to target approximately 11,000 domains failed [9].
AkiraBot leverages OpenAI’s GPT-4o-mini model to generate unique, customized outreach messages [2] tailored to the content and purpose of the targeted websites [3]. By scraping website content with BeautifulSoup and processing it through a template [2], the bot creates messages that incorporate the website name and a brief description of its services, making the spam appear more curated and convincing [3]. Because each message is unique and the promoted domains rotate dynamically [1], the messages evade traditional spam filters. The bot delivers these messages through contact forms, comment sections [5] [8] [10], and live chat widgets [4] [6] [9] [10].
The framework employs advanced techniques to bypass CAPTCHA and network detection [1]. It defeats challenges such as hCAPTCHA [1] [2] and reCAPTCHA [1] [2] [3] [4] [5] [6] [7] [8] [10] [11] with the help of solver services like Capsolver [1] [2] [5], FastCaptcha [1] [6], and NextCaptcha [1] [6], along with tools like Selenium WebDriver to mimic real user behavior. Additionally, AkiraBot uses proxy services [6], specifically SmartProxy [6], to route its traffic through various IP addresses [6], further obscuring its origin and keeping its spam activity undetected. The bot also refreshes tokens within chat systems to evade detection and injects special code into websites to enhance its disguise. Furthermore, it employs rotating attacker-controlled domains and network evasion techniques, such as custom headers and randomized payloads [4], to avoid triggering security alarms [4]. This has attracted the interest of cybercriminals, as AkiraBot’s modular design could potentially be repurposed for more harmful activities, including phishing attacks [4], malware distribution [4], or social engineering campaigns aimed at compromising sensitive data [4].
Researchers from SentinelLabs have noted that AkiraBot’s use of AI-generated content presents new challenges for defending against spam attacks [9]. They suggest that website owners should implement more complex, interaction-heavy challenges instead of relying solely on CAPTCHA to mitigate these threats [7]. The impact of AkiraBot on small businesses is significant [6], as it clogs communication channels and can damage online reputations [6]. The spam messages promote SEO services under the brand names “Akira” and “ServiceWrap,” with rotating domains linked to historical DNS data associated with malicious activities [6]. Fake positive reviews for these services on platforms like TrustPilot further attempt to build legitimacy [6]. OpenAI has acknowledged the misuse of its services for spam [3], revoking the involved API key and continuing to investigate the matter to prevent further abuse [3]. A collaborative response involving hosting providers [1], AI service providers [1], and cybersecurity researchers is necessary to address and mitigate the risks posed by AkiraBot [1]. Small businesses must remain vigilant against this evolving threat [6], as blocking spam domains alone may not suffice due to AkiraBot’s adaptability [6].
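One way a site owner could screen contact-form submissions along the lines described above, as an added example that is not from SentinelLabs or any cited source: it scores each submission on interaction signals (a honeypot field, time to submit) and on brand names appearing in link hostnames rather than on an exact domain blocklist. The field names, weights, thresholds and the idea that rotating domains embed the brand names are assumptions made for illustration.

```python
import re
from urllib.parse import urlparse

# Brand names come from the article; matching them as substrings of link
# hostnames is an assumption about how the rotating domains are named.
BRAND_TOKENS = ("akira", "servicewrap")
SEO_TERMS = re.compile(r"\b(seo|search engine|ranking|rankings|visibility|traffic)\b", re.I)
URL_RE = re.compile(r"https?://[^\s<>]+", re.I)
MIN_FILL_SECONDS = 4.0  # assumed threshold; tune against real form telemetry
WEIGHTS = {"honeypot_filled": 3, "submitted_too_fast": 2,
           "brand_in_link_host": 3, "seo_pitch_with_link": 2}


def link_hosts(message):
    """Return the lower-cased hostname of every URL found in the message."""
    hosts = []
    for url in URL_RE.findall(message):
        host = urlparse(url).hostname
        if host:
            hosts.append(host.lower())
    return hosts


def score_submission(sub):
    """Score one contact-form submission; returns (score, reasons)."""
    reasons = []
    message = sub.get("message", "")
    hosts = link_hosts(message)
    if sub.get("honeypot"):  # hidden field that a person never sees or fills
        reasons.append("honeypot_filled")
    if sub.get("elapsed_seconds", 0.0) < MIN_FILL_SECONDS:
        reasons.append("submitted_too_fast")
    if any(tok in host for host in hosts for tok in BRAND_TOKENS):
        reasons.append("brand_in_link_host")  # still matches after a domain rotates
    if hosts and len(SEO_TERMS.findall(message)) >= 2:
        reasons.append("seo_pitch_with_link")
    return sum(WEIGHTS[r] for r in reasons), reasons


def should_hold(sub, threshold=4):
    """True when the submission should go to a review queue, not the inbox."""
    return score_submission(sub)[0] >= threshold


# Constructed sample submissions (not taken from the campaign's real messages).
SPAM = {"message": "Hi Oak Street Bakery, I loved your sourdough page. We can lift "
                   "your search engine ranking and traffic: https://plans.akira-example.test/p",
        "honeypot": "", "elapsed_seconds": 1.2}
HUMAN = {"message": "Do you deliver cakes on Sundays? Your site says call, but "
                    "I prefer email.", "honeypot": "", "elapsed_seconds": 41.0}
```

Because no single signal reaches the default threshold, a slow submission that only links to a brand-named host is scored but not held; the hold decision needs at least two independent signals.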
Conclusion
The AkiraBot campaign poses a significant threat to small businesses by disrupting communication channels and potentially damaging reputations. To mitigate these risks [1] [7], businesses should adopt more sophisticated security measures beyond traditional CAPTCHA systems. The adaptability of AkiraBot underscores the need for a collaborative effort among hosting providers, AI service providers [1], and cybersecurity experts to develop comprehensive strategies to combat such threats. As the landscape of cyber threats evolves, vigilance and proactive measures are essential to safeguard against the misuse of AI technologies in malicious activities.
References
[1] https://gbhackers.com/akirabot-floods-80000-sites-after-outsmarting-captchas/
[2] https://itsecuritynewsbox.com/index.php/2025/04/10/akirabot-ai-powered-spam-bot-evades-captcha-to-target-80000-websites/
[3] https://www.sentinelone.com/labs/akirabot-ai-powered-bot-bypasses-captchas-spams-websites-at-scale/
[4] https://siliconangle.com/2025/04/10/sentinellabs-exposes-akirabot-spam-tool-powered-openai-generated-messages/
[5] https://www.techradar.com/pro/security/akirabot-network-hits-thousands-of-sites-with-captcha-bypassing-ai-spam
[6] https://hackread.com/akirabot-abuses-openai-api-spam-website-contact-forms/
[7] https://www.infosecurity-magazine.com/news/aipowered-akirabot-captcha-spam/
[8] https://www.404media.co/scammers-used-openai-to-flood-the-web-with-seo-spam/
[9] https://arstechnica.com/security/2025/04/openais-gpt-helps-spammers-send-blast-of-80000-messages-that-bypassed-filters/
[10] https://clickcontrol.com/cyber-attack/ai-powered-akirabot-infiltrates-420000-websites-using-openai-to-outsmart-captcha-and-flood-the-web-with-spam/
[11] https://www.technewsday.com/2025/04/10/openai-revokes-spammers-account-after-80000-messages-evade-detection/
												



