News

Scammers Use OpenAI API to Flood 80,000 Websites With Spam

News Room
News Room

An AI spambot used OpenAI’s GPT-4o-mini to flood websites with spam comments.

According to cybersecurity firm SentinelOne, AkiraBot successfully targeted at least 80,000 websites, mainly operated by small to medium-sized businesses using e-commerce platforms like Shopify, GoDaddy, Wix.com, and Squarespace.

As 404 Media reports, the tool gave OpenAI’s chat API a prompt—”You are a helpful assistant that generates marketing messages”—and instructed the AI to create custom messages it would post in comments across the web, pushing bogus SEO services. The comments would be targeted for specific sites and written just differently enough to evade detection. For example, a construction firm would get a different message than a hair salon.

AkiraBot then posted these AI-generated spam messages on website chats and contact forms, in an attempt to get the site owner to purchase SEO services. Later versions of the AI-spambot also targeted the Live Chat widgets integrated into many modern websites.

“Searching for websites referencing AkiraBot domains shows that the bot previously spammed websites in a way that the message was indexed by search engines,” according to SentinelOne, which says the bot appeared in September 2024 and has no relation to the prolific Akira ransomware group.

But AkiraBot was a complex operation. It leaned on a variety of tools beyond OpenAI’s GPT-4o-mini to evade CAPTCHA filters; it also used a proxy service to avoid network detection.

OpenAI has since disabled the API key used by AkiraBot. “We’re continuing to investigate and will disable any associated assets,” it said in a statement provided to SentinelOne. “We take misuse seriously and are continually improving our systems to detect abuse.”

Recommended by Our Editors

SentinelOne thanked the OpenAI security team “for their collaboration and continued efforts in deterring bad actors from abusing their services.”

There have several instances where OpenAI tools were used for nefarious purposes, such as the production of online propaganda materials by foreign governments. But oftentimes, cybercriminals lean on custom-built AIs. For example, WormGPT, spotted in mid-2023, helped criminals automate fraud by responding to victims’ queries while pretending to be a bank.

Get Our Best Stories!


Stay Safe With the Latest Security News and Updates

Sign up for our SecurityWatch newsletter for our most important privacy and security stories delivered right to your inbox.

By clicking Sign Me Up, you confirm you are 16+ and agree to our Terms of Use and Privacy Policy.

Thanks for signing up!

Your subscription has been confirmed. Keep an eye on your inbox!

About Will McCurdy

Contributor

Will McCurdy

I’m a reporter covering weekend news. Before joining PCMag in 2024, I picked up bylines in BBC News, The Guardian, The Times of London, The Daily Beast, Vice, Slate, Fast Company, The Evening Standard, The i, TechRadar, and Decrypt Media.

I’ve been a PC gamer since you had to install games from multiple CD-ROMs by hand. As a reporter, I’m passionate about the intersection of tech and human lives. I’ve covered everything from crypto scandals to the art world, as well as conspiracy theories, UK politics, and Russia and foreign affairs.

Read Will’s full bio

Read the latest from Will McCurdy

Share This Article
Previous Article Get the M4 iPad Pro for Up to $200 Off This Weekend
Next Article Redmi launches Harry Potter Edition of new Turbo 3 smartphone · TechNode
Leave a comment

Leave a Reply

Your email address will not be published. Required fields are marked *

Stay Connected

Latest News

How to Remotely Access a PC From Your iPhone or Android Device
News
Expect a tariff on semiconductors within two months, says US commerce secretary | Computer Weekly
News
Step into the world of fantasy for free with the latest Stuff Your Kindle Day
News
Here’s how Apple plans to fix Apple Intelligence and Siri
News
Lost your password?