Phishing Bot Targets Sites With AI Spam Messages

Phishing bot campaigns are now using AI-generated messages to spam websites at scale. These bots exploit contact forms, chats, and comment sections.

A recent report reveals a tool called AkiraBot has sent spam to over 420,000 websites. It successfully targeted at least 80,000 sites since late 2024.

Unlike basic spam tools, this one creates customized messages using large language models, tailoring each message to the site’s content.


AI Powers the Spam Machine

The core of AkiraBot relies on AI from OpenAI. It uses GPT-4o-mini to create outreach messages in real time.

The tool scans a website, identifies its purpose, and builds a fitting message. This increases engagement and helps bypass spam filters.

For example, it can craft professional-sounding requests for business services. This makes detection harder for both users and spam-blocking tools.

Moreover, the bot comes with a visual dashboard. Operators can select specific websites, set the number of targets, and automate the message process.

CAPTCHA and Detection? Not a Problem

A standout feature is AkiraBot’s ability to bypass CAPTCHA systems. It tricks protections like hCaptcha, reCAPTCHA, and Cloudflare Turnstile.

How? By using proxy services to appear like real users. The bot also rotates proxy IPs with help from SmartProxy, hiding its true source.

Furthermore, it logs activity into a file named submissions.csv. This file tracks success rates and failed spam attempts for ongoing analysis.

Its performance data, including CAPTCHA bypass rates, is even shared through Telegram using API integration. This helps refine the tool in real time.

Origins and Growth of the Campaign

AkiraBot started as a tool called “Shopbot” in 2024. It initially targeted Shopify sites but quickly expanded.

Today, it also targets websites built on GoDaddy, Squarespace, Wix, and those using generic chat tools like Reamaze.

Researchers believe the spamming efforts began even earlier using static content. However, the AI-powered version marks a turning point in automation.

In response to the threat, the associated API key was disabled. But the campaign shows how adaptable and resilient these bots can be.

AI in Cybercrime Is Evolving Fast

The rise of AkiraBot aligns with the emergence of other tools like Xanthorox AI. This new platform helps cybercriminals build malware and exploit code using AI.

It operates entirely on local servers, which makes detection more difficult. This approach avoids using public APIs, reducing the risk of exposure.

Cybercriminals now use AI not just for language but also for development, targeting, and evasion.

How to Stay Protected

To defend against AI-powered spam bots like AkiraBot, businesses should:

  • Use CAPTCHA alternatives like behavior-based bot detection.
  • Filter form submissions using AI-aware spam detection tools.
  • Monitor traffic for unusual IP rotations or bulk messaging attempts.
  • Block known proxies and implement rate limiting for forms.
  • Keep all website plugins and CMS platforms updated.
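
As an added illustration of the traffic-monitoring and rate-limiting items above (example code written for this page, not taken from the report or from any product), the following Python sketch scans form-submission logs for two signals: one IP exceeding a per-window limit, and one client fingerprint arriving from many different IPs. The log layout, the fingerprint column (for instance a hash of request headers), and all thresholds are assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=10)   # assumed sliding window
MAX_POSTS_PER_IP = 3             # assumed per-IP form rate limit
MAX_IPS_PER_CLIENT = 3           # assumed ceiling on distinct IPs per fingerprint

# Constructed lines: timestamp, source IP (RFC 5737 ranges), fingerprint, form path.
SAMPLE_LOG = """\
2025-01-10T09:00:00 198.51.100.7 fp-a1 /contact
2025-01-10T09:00:20 198.51.100.7 fp-a1 /contact
2025-01-10T09:00:40 198.51.100.7 fp-a1 /contact
2025-01-10T09:01:00 198.51.100.7 fp-a1 /contact
2025-01-10T09:02:00 203.0.113.10 fp-b2 /contact
2025-01-10T09:03:00 203.0.113.11 fp-b2 /contact
2025-01-10T09:04:00 203.0.113.12 fp-b2 /contact
2025-01-10T09:05:00 203.0.113.13 fp-b2 /contact
2025-01-10T09:06:00 192.0.2.44 fp-c3 /contact
2025-01-10T11:30:00 192.0.2.45 fp-c3 /contact
"""

def parse(log_text):
    for line in log_text.strip().splitlines():
        ts, ip, client, path = line.split()
        yield datetime.fromisoformat(ts), ip, client, path

def analyze(log_text):
    """Return (IPs over the rate limit, fingerprints seen rotating source IPs)."""
    per_ip = defaultdict(deque)       # ip -> timestamps still inside the window
    per_client = defaultdict(deque)   # fingerprint -> (timestamp, ip) inside the window
    rate_limited, rotating = set(), set()
    for ts, ip, client, _path in sorted(parse(log_text)):
        hits = per_ip[ip]
        hits.append(ts)
        while ts - hits[0] > WINDOW:          # drop entries older than the window
            hits.popleft()
        if len(hits) > MAX_POSTS_PER_IP:
            rate_limited.add(ip)
        seen = per_client[client]
        seen.append((ts, ip))
        while ts - seen[0][0] > WINDOW:
            seen.popleft()
        if len({addr for _, addr in seen}) > MAX_IPS_PER_CLIENT:
            rotating.add(client)
    return rate_limited, rotating

if __name__ == "__main__":
    limited, rotating = analyze(SAMPLE_LOG)
    print("over per-IP limit:", sorted(limited), "| rotating IPs:", sorted(rotating))
```

A per-IP limit alone misses the second pattern, since each rotated address submits only once; grouping by a fingerprint that survives the IP change is what exposes it.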

Phishing bots are getting smarter, but a layered defense and ongoing awareness can keep your site one step ahead.
