An AI spambot named AkiraBot used OpenAI’s GPT-4o-mini to inundate websites with spam comments.
A cybersecurity company named SentinelOne reported that AkiraBot managed to target around 80,000 websites, primarily those run by small to medium-sized businesses on e-commerce platforms like Shopify, GoDaddy, Wix.com, and Squarespace.
According to reports from 404 Media, the bot was programmed with a prompt that instructed OpenAI’s chat API to act as a “helpful assistant generating marketing messages.”

It created tailored messages to post in comments across various sites, promoting fake SEO services. The messages were customized for different businesses to avoid detection; for instance, a construction company would receive a different message compared to a hair salon.
AkiraBot posted these AI-generated spam messages in website chats and contact forms to entice site owners into buying SEO services. The later versions of the bot also targeted Live Chat features found on many modern websites.
SentinelOne noted that searching for websites linked to AkiraBot domains revealed that the bot previously spammed sites in a manner that made the messages show up in search engine results. The bot emerged in September 2024 and is not connected to the well-known Akira ransomware group.
AkiraBot was a sophisticated operation: besides OpenAI’s GPT-4o-mini, it used various tools to bypass CAPTCHA filters, along with a proxy service to evade network detection.
OpenAI has since revoked the API key that AkiraBot was using. In a statement to SentinelOne, they said, “We take abuse seriously and are constantly working to enhance our systems to detect misuse.”
SentinelOne expressed gratitude to the OpenAI security team for their cooperation and ongoing efforts to prevent misuse of their services.
There have been multiple cases where OpenAI’s tools have been misused, such as foreign governments creating online propaganda materials.
However, cybercriminals often rely on specially designed AIs. For instance, WormGPT and FraudGPT, identified in mid-2023, assisted criminals in automating fraud by answering victims’ inquiries while pretending to be a bank.