
AkiraBot GUI | Image: SentinelLABS
Spammers are constantly adapting their tactics to exploit new digital communication channels. A recent report by SentinelLABS sheds light on one such menace: AkiraBot, a sophisticated Python framework designed to bombard website contact forms and chat widgets with AI-generated spam messages.
AkiraBot is not a malware strain, nor is it related to the Akira ransomware group. Its purpose is narrower: the AI-generated messages it submits promote shady SEO services.
“AkiraBot is a framework used to spam website chats and contact forms en masse to promote a low-quality SEO service,” the report explains.
Since its emergence in September 2024, AkiraBot has already successfully spammed at least 80,000 websites, exploiting legitimate communication channels in a coordinated campaign that continues to evolve.
What sets AkiraBot apart from traditional spam tools is its use of OpenAI’s GPT-based models to craft personalized messages tailored to the target website.
“The bot uses OpenAI to generate custom outreach messages based on the purpose of the website,” the report states.
By scraping website content using BeautifulSoup and feeding it to an LLM, AkiraBot generates messages that feel curated and unique—making them much harder for spam filters to catch. Each message replaces variables like <WEBSITE_NAME> and <KEYWORD> with site-specific data to maximize believability.
CAPTCHA services like reCAPTCHA and hCaptcha are the first line of defense against spam, yet AkiraBot defeats them with ease. The bot employs several tactics:
- Browser emulation via Selenium WebDriver
- DOM manipulation using custom JavaScript injections
- Browser fingerprint spoofing to mimic real users
- Fallback CAPTCHA-solving services like FastCaptcha, NextCaptcha, and Capsolver
“The inject.js script injects code into the targeted website’s Document Object Model (DOM)… [and] modifies multiple browser attributes that webservers use to identify the nature of the browser viewing the website.”
To evade network detection, AkiraBot uses SmartProxy, a service that offers residential, mobile, and datacenter IPs. These proxies are rotated dynamically to bypass IP bans and rate limits.
In its newer versions, AkiraBot doesn’t just target contact forms—it also spams live chat widgets, particularly those powered by platforms like Reamaze.
“Newer versions of AkiraBot have also targeted the Live Chat widgets integrated into many websites, including Reamaze widgets.”
The bot even refreshes Reamaze tokens via headless Chrome instances to maintain access, sidestepping spam detection mechanisms implemented by Reamaze itself.
In a nod to modern C2 (Command and Control) architecture, AkiraBot integrates with Telegram to report its spam metrics. Its scripts—monitor.py and monitor_random.py—send spam success stats, proxy rotation events, and CAPTCHA defeat statuses to a private channel.
“Two versions of AkiraBot used a Telegram bot for logging success metrics.”
The bot’s developers automate even the launching of JavaScript in browser consoles using pyautogui, orchestrating CAPTCHA defeat scripts and proxy swapping in real time.
The spam messages always point to one of two SEO brands: useakira[.]com and servicewrapgo[.]com. Both sites have amassed questionable reviews on Trustpilot—some glowing, likely fake, and others scathing, calling them out for scam-like behavior.
“The 5-star reviews tend to follow a pattern… the reviewer has one previous review that was made 1–5 days before the Akira or ServiceWrap review.”
With suspicious DNS records and shared infrastructure links to known malvertising campaigns, these domains represent the shady heart of AkiraBot’s marketing grift.
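Because the message body is generated per site, the stable feature left to a form owner is the destination being promoted. The sketch below is an added example, not code from the SentinelLABS report or from AkiraBot; it screens contact-form submissions for the two domains named above after undoing common obfuscations, and its function names and sample submissions are constructed for illustration.

```python
import re
import unicodedata

# Domains the article names as the spam's destination (defanged there).
PROMOTED_DOMAINS = {"useakira.com", "servicewrapgo.com"}

# Disguised dots such as [.] (.) {.} [dot] (dot), with optional spaces around.
_DOT_DISGUISE = re.compile(r"\s*[\[({]\s*(?:\.|dot)\s*[\])}]\s*", re.IGNORECASE)
# Zero-width characters and soft hyphens inserted to split a keyword.
_INVISIBLE = re.compile("[\u200b\u200c\u200d\u2060\ufeff\u00ad]")
# Whole hostnames only: the lookarounds stop matches that start mid-label.
_HOSTNAME = re.compile(
    r"(?<![a-z0-9-])(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,24}(?![a-z0-9-])"
)

def normalize(text: str) -> str:
    """Fold look-alike forms so an obfuscated domain reads as a plain hostname."""
    text = unicodedata.normalize("NFKC", text)  # full-width letters and dots
    text = _INVISIBLE.sub("", text)
    text = _DOT_DISGUISE.sub(".", text)
    return text.lower()

def promoted_domains_in(text: str) -> set:
    """Return the promoted domains (or subdomains of them) a message references."""
    hits = set()
    for host in _HOSTNAME.findall(normalize(text)):
        for domain in PROMOTED_DOMAINS:
            if host == domain or host.endswith("." + domain):
                hits.add(domain)
    return hits

# Constructed sample submissions, not captured spam.
SAMPLE_SUBMISSIONS = [
    "Hi, I loved your bakery site. Boost your ranking at https://www.UseAkira.com/plans",
    "Your plumbing pages could rank higher, see servicewrapgo[.]com",
    "Quick idea for your store: use\u200bakira (dot) com",
    "Is notuseakira.com related to you? Asking about my order #1182.",
    "Hello, what are your opening hours on Sunday?",
]

def flag_submissions(submissions):
    """One boolean per submission: True means hold it for review."""
    return [bool(promoted_domains_in(s)) for s in submissions]

if __name__ == "__main__":
    for held, text in zip(flag_submissions(SAMPLE_SUBMISSIONS), SAMPLE_SUBMISSIONS):
        print("HOLD" if held else "pass", "|", text)
```

Matching on whole hostnames keeps look-alike names such as the fourth sample from being held, while subdomains and defanged spellings of the promoted domains are still caught.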
SentinelLABS concluded that more than 420,000 unique domains have been targeted, with the bot maintaining high operational uptime and adaptability through modular design, versioning, and persistent operator activity.
“The January 2025 archives showed that only 11,000 domains had failed… deduplicating the results revealed that more than 420,000 unique domains were targeted in total.”
This isn’t just nuisance-level spam—it’s AI-fueled digital pollution at scale, undermining trust in online communication and exploiting small business owners’ desire for growth.