The AkiraBot spambot used the GPT-4o-mini AI model via the OpenAI API to create spam comments promoting bogus SEO services. The diversity of these comments allowed them to bypass filtering systems on thousands of websites around the world, according to a study by SentinelOne.


According to a report from cybersecurity firm SentinelOne, AkiraBot has attacked at least 80,000 websites, most of which belong to small and medium-sized businesses using e-commerce platforms such as Shopify, GoDaddy, Wix and Squarespace.

According to 404 Media, the bot sent a request to the OpenAI API with the instruction “You are a helpful assistant who creates marketing messages,” after which the AI generated spam comments tailored to the subject matter of specific sites. Thus, one version of the spam message was created for the site of a construction company, and another for a beauty salon. These comments were then posted in chats and feedback forms on the sites, with the aim of encouraging their owners to purchase SEO services. Later versions of the spambot also began to use the online chat widgets built into most modern sites for these purposes.

“A search of sites linking to AkiraBot domains shows that this bot has previously posted messages in a way that allowed them to be indexed by search engines,” SentinelOne said. The spambot in question appeared in September 2024 and is not related to the Akira ransomware group.
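The following is an added defender-side example, not code from SentinelOne's report or from the bot. It shows why duplicate-text filtering misses messages that are reworded for each site, while grouping submissions by the domain they link to still ties them together. The sample submissions, the `.example` domains and the threshold of three sites are constructed assumptions.

```python
import hashlib
import re
from collections import defaultdict
from urllib.parse import urlsplit

URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)

# Constructed sample: (site that received the submission, message body)
SUBMISSIONS = [
    ("builder.example", "Your roofing portfolio deserves more traffic. See https://seo-promo.example/plans"),
    ("salon.example", "More clients could find your salon online! Visit https://www.seo-promo.example/start?ref=7"),
    ("bakery.example", "Rank your bakery higher in local search: http://SEO-PROMO.example/"),
    ("salon.example", "Do you take walk-ins on Saturday? Your booking page is https://salon.example/book"),
]

def text_fingerprint(body):
    """Hash of the whitespace- and case-normalized text (classic duplicate filter)."""
    normalized = " ".join(body.lower().split())
    return hashlib.sha256(normalized.encode()).hexdigest()

def duplicate_texts(submissions):
    """Fingerprints seen more than once; empty when every message is reworded."""
    counts = defaultdict(int)
    for _, body in submissions:
        counts[text_fingerprint(body)] += 1
    return [fp for fp, n in counts.items() if n > 1]

def linked_hosts(body):
    """Lower-cased hostnames of all URLs in a message, with a leading 'www.' dropped."""
    hosts = set()
    for url in URL_RE.findall(body):
        host = (urlsplit(url).hostname or "").lower()
        if host.startswith("www."):
            host = host[4:]
        if host:
            hosts.add(host)
    return hosts

def cluster_by_link(submissions, min_sites=3):
    """Hosts promoted on at least min_sites different receiving sites."""
    sites_by_host = defaultdict(set)
    for site, body in submissions:
        for host in linked_hosts(body):
            if host != site:  # a link back to the receiving site is not promotion
                sites_by_host[host].add(site)
    return {h: sorted(s) for h, s in sites_by_host.items() if len(s) >= min_sites}
```

On the constructed sample the text filter finds no duplicates, while the link grouping reports one promoted host seen on three unrelated sites and leaves the genuine customer question alone.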

In addition to GPT-4o-mini, AkiraBot used proxy services to bypass CAPTCHA and mask network activity. OpenAI blocked the API key in question and said it was continuing to investigate, promising to take down all assets related to the incident. “We take abuse seriously and are constantly improving our systems to detect it,” OpenAI said in a statement.

There have been cases of misuse of OpenAI tools before, including in the creation of propaganda materials by government agencies. However, cybercriminals often prefer to use their own AI systems. For example, in 2023, the WormGPT AI model was identified, which allowed fraudsters to correspond on behalf of a bank and automate the process of deceiving users.
