- Villager is an AI-native pentest tool with ~10,000 downloads, probably including by threat actors
- It automates attacks using Kali Linux and DeepSeek AI, raising dual-use concerns
- CyberSpike, its creator, has ties to malware and Chinese hacking circles
Is the world ready for AI-driven persistent threat actors (AIPT)? We are about to find out, since a Chinese company has recently built and released an AI-native pentesting tool.
It has been picked up about 10,000 times in the last two months, signaling quick adoption.
Those downloading the tool probably include threat actors.
Widely adopted
This is the conclusion of a new report published by security outfit Straiker. Its researchers, Dan Regalado and Amanda Rousseau, observed a new tool called Villager. They describe it as an AI-driven successor to Cobalt Strike that integrates tools such as Kali Linux and DeepSeek AI to automate offensive security operations.
“Originally positioned as a red team offering, CyberSpike has released an AI-enabled, MCP-supported automation tool called ‘Villager’ that combines Kali Linux toolsets with DeepSeek AI models for fully automated workflow testing,” the researchers warned.
“The fast, public accessibility and automation functions create a realistic risk that Villager will follow the Cobalt Strike trajectory: commercial or legitimately developed tools that are widely adopted by threat actors for malicious campaigns.”
It is widely adopted. The tool is freely available on PyPI, the world’s largest Python package index, and it has been downloaded almost 10,000 times since its release in July.
Straiker also claims that CyberSpike, the company behind Villager, is shady at best and possibly a threat actor involved in distributing malware. Currently, it doesn’t have an official site, but it had one two years ago, and at that time it offered a product called CyberSpike.
The whole toolset and arsenal were subsequently uploaded to VirusTotal and flagged as AsyncRAT, a dangerous and well-established remote access trojan. There were also traces of Mimikatz, a utility for Windows that extracts passwords stored in memory.
The Register added weight to the suspicions, reporting in detail that the tool’s author is a former capture-the-flag player for the Chinese HSCSEC team. This “is important because these competitions in China provide a recruitment and training pipeline for skilled hackers and Beijing’s cybersecurity and intelligence agencies that want to hire them,” the publication concluded.
Via The Register



