More than 400,000 small and medium-sized business websites have already been targeted by the new artificial intelligence-based AkiraBot spamming tool since September, at least a fifth of which have been bombarded with contact forms and chat widgets, Hackread reports.
Attackers leveraged fraudulent search engine optimization services to promote AkiraBot, which exploits OpenAI's large language models to craft custom malicious messages for its targets, according to an analysis from SentinelOne's SentinelLabs researchers. AkiraBot also abused FastCAPTCHA and NextCAPTCHA tools, as well as proxy services to evade detection, said SentinelLabs, who discovered the tool to have been continuously improved since its emergence. "Each version uses one of two hardcoded OpenAI API keys and the same proxy credentials and test sites, which links the archives despite the disparate naming conventions," noted researchers, who added that the tool has since focused on live chat widgets after prioritizing contact forms. Such a threat should prompt increased vigilance among SMBs.
Attackers leveraged fraudulent search engine optimization services to promote AkiraBot, which exploits OpenAI's large language models to craft custom malicious messages for its targets, according to an analysis from SentinelOne's SentinelLabs researchers. AkiraBot also abused FastCAPTCHA and NextCAPTCHA tools, as well as proxy services to evade detection, said SentinelLabs, who discovered the tool to have been continuously improved since its emergence. "Each version uses one of two hardcoded OpenAI API keys and the same proxy credentials and test sites, which links the archives despite the disparate naming conventions," noted researchers, who added that the tool has since focused on live chat widgets after prioritizing contact forms. Such a threat should prompt increased vigilance among SMBs.
