More pillager than villager? Chinese hacking tool “Villager” downloaded 10K times in 2 months

A mysterious Chinese AI penetration testing tool called Villager has been downloaded nearly 10,000 times since its July release, raising serious concerns about its potential misuse by cybercriminals. The tool, which combines Kali Linux with DeepSeek AI to automate offensive security operations, is being compared to Cobalt Strike’s trajectory from legitimate red-team software to widely adopted malware infrastructure.

What you should know: Villager represents a new category of AI-native penetration testing tools that could democratize advanced cyberattacks.

• The tool integrates Kali Linux toolsets with DeepSeek AI models to fully automate testing workflows, positioning itself as an AI-powered successor to Cobalt Strike.
• It’s freely available on PyPI, the world’s largest Python Package Index, making it easily accessible to both legitimate security professionals and malicious actors.
• Security researchers from Straiker, a cybersecurity firm, warn that “the rapid, public availability and automation capabilities create a realistic risk that Villager will follow the Cobalt Strike trajectory: commercially or legitimately developed tooling becoming widely adopted by threat actors for malicious campaigns.”

In plain English: Traditional penetration testing (ethical hacking to find security vulnerabilities) requires significant technical expertise and manual work. Villager automates this process using AI, potentially allowing less skilled individuals to conduct sophisticated cyberattacks by simply giving the AI instructions rather than manually executing complex technical procedures.

The company behind it: Cyberspike, Villager’s creator, has questionable ties to malware distribution and Chinese hacker circles.

• The company currently lacks an official website, though it operated one two years ago offering a product also called Cyberspike.
• When Cyberspike’s entire toolset was uploaded to VirusTotal (a service that scans files for malware), it was flagged as AsyncRAT, a dangerous remote access trojan, along with traces of Mimikatz, a Windows exploit that extracts passwords from memory.
• The tool’s author is reportedly a former capture the flag player for the Chinese HSCSEC team, which The Register notes is significant because “these competitions in China provide a recruiting and training pipeline for skilled hackers and Beijing’s cybersecurity and intelligence agencies looking to hire them.”

Why this matters: The emergence of AI-powered offensive tools marks a concerning evolution in the cybersecurity threat landscape.

• Unlike traditional penetration testing tools that require significant technical expertise, AI-native solutions like Villager could lower the barrier to entry for sophisticated cyberattacks.
• The tool’s rapid adoption rate of 10,000 downloads in just two months suggests strong demand from both legitimate security professionals and potential threat actors.
• This development raises questions about whether the cybersecurity industry is prepared for AI-powered Persistent Threat Actors (AIPT), as automated offensive capabilities become more accessible and sophisticated.