An AI-powered spambot called AkiraBot has allegedly attacked more than 80,000 sites, most of which are managed and maintained by SMEs. Well-known e-commerce platforms such as Shopify, GoDaddy, Wix.com, and Squarespace were all unwilling targets of the sophisticated scheme. The attackers used OpenAI’s new GPT-4o-mini to spread spam comments across these websites.
AkiraBot carried out its plan by using OpenAI’s chat API to generate outreach messages. The bot supplied a specific prompt: “You are a helpful assistant that generates marketing messages.” This instruction gave AkiraBot the ability to create tailored messages. It posted these customized messages in Facebook comments, website chats, and contact-us forms. The spam messages advertised non-existent SEO services, with the goal of tricking website owners into buying these made-up services.
Evading Detection
The operation behind AkiraBot was intricate. It used additional tools to get past CAPTCHA filters, which would otherwise stop a spam campaign, so that its messages were delivered without being caught. AkiraBot also leveraged a proxy service to avoid detection by network monitoring. This tactic made it difficult for website operators to hold the spammer to account.
Following these events, OpenAI responded by disabling the API key used in AkiraBot’s operations. The company says it is working to ensure that its technology isn’t misused.
“We’re continuing to investigate and will disable any associated assets. We take misuse seriously and are continually improving our systems to detect abuse.” – OpenAI
SentinelOne’s security analysts were struck by the sheer size of the spam campaign. They stated, “Searching for websites referencing AkiraBot domains shows that the bot previously spammed websites in a way that the message was indexed by search engines.” This further underscores the significant, permanent damage that AkiraBot’s conduct can do to the businesses it harms.
AkiraBot has become one of the biggest threats to small and medium-sized businesses. More importantly, it illustrates the constant threat these enterprises are under in the cyber realm. Almost all of these businesses are strongly interwoven with online platforms that control key aspects of their operations, which makes them easy targets for all kinds of malicious activities.
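A defensive illustration of the campaign pattern described above, added here and not taken from SentinelOne or the original article: each message is tailored to the site that receives it, so comparing message text finds little in common, but the advertised domain stays the same across sites. The sketch assumes a view over submissions to several sites (for example at a hosting provider); the sample submissions, the placeholder domains and the function names are all constructed for the example.

```python
import re
from collections import defaultdict
from difflib import SequenceMatcher
from itertools import combinations
from urllib.parse import urlsplit

URL_RE = re.compile(r'https?://[^\s<>")]+', re.IGNORECASE)

# Constructed sample data: (receiving site, message). All domains are placeholders.
SUBMISSIONS = [
    ("bakery.example", "Hi! Loved your sourdough page. We can lift your bakery's ranking: https://seo-offer.example/plan"),
    ("plumber.example", "Your emergency plumbing site deserves more local traffic. Details at http://www.seo-offer.example/start?x=1"),
    ("florist.example", "Beautiful bouquets! Get more wedding orders via search, see https://SEO-Offer.example"),
    ("bakery.example", "Do you deliver to Leeds on Sundays? My order page is https://shop.bakery.example/cart"),
    ("plumber.example", "Quote request for a leaking boiler, no links."),
]

def linked_domains(message):
    """Return the lower-cased hostnames (leading 'www.' dropped) linked in a message."""
    hosts = set()
    for url in URL_RE.findall(message):
        host = (urlsplit(url).hostname or "").lower()
        if host.startswith("www."):
            host = host[4:]
        if host:
            hosts.add(host)
    return hosts

def max_similarity(messages):
    """Highest pairwise text similarity (0..1) among the messages."""
    return max((SequenceMatcher(None, a, b).ratio()
                for a, b in combinations(messages, 2)), default=0.0)

def shared_promoted_domains(submissions, min_sites=3):
    """Map each external domain promoted to >= min_sites sites to (sites, max text similarity)."""
    by_domain = defaultdict(list)
    for site, message in submissions:
        for host in linked_domains(message):
            if host != site and not host.endswith("." + site):  # skip the site's own links
                by_domain[host].append((site, message))
    flagged = {}
    for host, hits in by_domain.items():
        sites = sorted({s for s, _ in hits})
        if len(sites) >= min_sites:
            flagged[host] = (sites, max_similarity([m for _, m in hits]))
    return flagged

if __name__ == "__main__":
    for host, (sites, sim) in shared_promoted_domains(SUBMISSIONS).items():
        print(f"{host}: promoted to {len(sites)} sites, max text similarity {sim:.2f}")
```

The similarity figure is reported alongside each flagged domain to show how little the message bodies overlap even though they promote the same destination.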
What The Author Thinks
The attack on these small and medium-sized businesses using OpenAI’s technology highlights an emerging issue with AI misuse. While AI can drive significant innovation, it also poses serious risks when it’s misused, as seen in the AkiraBot incident. These vulnerabilities emphasize the need for stronger safeguards and ethical considerations around AI-powered tools to protect businesses and users from such harmful exploitation.