AkiraBot: The AI-Powered Spam Bot Hijacking Website Chats at Scale
- Cyber Jack
- 1 day ago
- 3 min read
Spam just leveled up. Again.
A new threat actor framework called AkiraBot is redefining what automated spam looks like in 2025—and it's doing it with the help of artificial intelligence, CAPTCHA-evasion scripts, and a sprawling infrastructure designed to quietly exploit small business websites across the internet.
Discovered and analyzed by SentinelLabs, an elite group of threat researchers at SentinelOne, AkiraBot is not related to the Akira ransomware group, but its impact could still cause serious headaches for site owners, SEO-conscious companies, and security teams alike. Since its emergence in late 2024, the bot has targeted over 420,000 websites and successfully spammed at least 80,000 of them. Its goal? Promote a shady, AI-powered SEO service across unsuspecting website contact forms and live chat widgets—at industrial scale.
AI Marketing... Weaponized
At the heart of AkiraBot’s operations is its integration with OpenAI’s API. The bot scrapes content from targeted websites, processes it with BeautifulSoup, then uses an LLM prompt to craft custom spam messages that sound eerily relevant to the site’s theme or industry.
Each message is unique, increasing the likelihood of bypassing spam filters. The LLM is instructed to act as a marketing assistant, generating short, seemingly personalized pitches for AkiraBot’s SEO services—most often pointing to domains like useakira[.]com or servicewrapgo[.]com.
These messages are injected into contact forms and live chat widgets, making them appear authentic at first glance. That’s a serious problem for small and medium-sized businesses using platforms like Shopify, Wix, Squarespace, and GoDaddy—all popular targets of the campaign.
CAPTCHAs? Consider Them Compromised
AkiraBot doesn’t just spam—it specializes in slipping past defenses. Its toolkit includes multiple CAPTCHA bypass mechanisms, including integration with services like FastCaptcha, NextCaptcha, and Capsolver.
The bot spins up headless Chrome instances and runs fingerprinting scripts to mimic real browsers. It manipulates session data to bypass bot detection systems, spoofing everything from voice engines and GPU profiles to timezone settings and system memory.
Custom JavaScript is injected into webpages on-the-fly to handle browser-based challenges. For websites with customer support integrations like Reamaze, the bot fetches tokens and even refreshes them periodically to ensure its spam gets through.
Network Evasion and Infrastructure
To evade detection at scale, AkiraBot rotates proxies using services like SmartProxy—technically legal, but frequently abused by threat actors for anonymizing traffic. Proxy credentials are hardcoded across different versions of the bot, tying the campaign to a consistent operator.
Domains used by the campaign are rapidly cycled. SentinelLabs observed spam originating from dozens of sites, but two in particular—akirateam[.]com and servicewrapgo[.]com—stood out due to their longevity and DNS activity. Some were even linked to suspicious CNAME records associated with malvertising infrastructure.
Telegram is also used for operational oversight. The bot includes scripts that post success metrics to a Telegram channel, including CAPTCHA defeats, spam submission counts, and proxy status. A GUI lets the operator manage campaigns in real-time, showing thread counts, targets, and logs.
Fake Reviews, Real Spam
To lend legitimacy to the operation, AkiraBot-associated domains are littered with questionable Trustpilot reviews—many five-star ratings with repetitive themes and likely AI-generated text. Though hard to prove conclusively, the similarity between review structure and the bot’s LLM-generated messages is more than coincidence.
The campaign’s volume—and the effort behind it—signals this isn’t a quick cash grab. It’s an organized, sustained push to weaponize AI-generated content against small business websites, hijacking their communication channels to promote a low-quality service under a veneer of legitimacy.
The Bigger Picture: AI as a Spammer’s Secret Weapon
While defenders have focused on generative AI being used for phishing or impersonation, AkiraBot shows that low-level spam campaigns are now getting an AI-powered makeover too. And with modular architecture, scriptable logic, and CAPTCHA evasion baked in, it's clear this isn't just one bot—it’s a framework.
With contact forms and chat integrations now part of the frontline for customer engagement, they’ve become attractive new targets. This shift should prompt security teams to rethink their perimeter—and start treating website interactions like the high-risk vectors they increasingly are.
AkiraBot is still evolving. SentinelLabs expects further iterations as spam protection improves and platform defenses adapt. For now, blocking spammy domains remains the easiest route—but that’s getting harder when every message looks different, and the bots can solve your CAPTCHAs better than you can.
The arms race has officially arrived in your chatbox.