Ethical Hacking News
Villager, an AI-powered penetration tool linked to a suspicious China-based company, has been downloaded over 10,000 times since its release in July. The tool includes hundreds of tools that can be used to launch cyber attacks at scale and is linked to AsyncRAT, a remote-access trojan with capabilities including remote desktop access, Discord account compromise, keystroke logging, webcam hijacking, and other surveillance functions.
The Villager AI-powered penetration tool has been downloaded over 10,000 times since its release in July.
The tool integrates multiple security tools, including Kali Linux, and includes hundreds of tools for launching cyber attacks at scale.
The Villager tool contains DeepSeek AI models to automate testing workflows and a database of AI system prompts to generate exploits.
The tool's developer is linked to a suspicious China-based company called Cyberspike, which suggests continued involvement in the project.
The Villager tool has been found to be related to AsyncRAT, a remote-access trojan with surveillance capabilities.
The tool can both launch attacks targeting single web applications and develop complex, multi-tool attack chains.
Cybersecurity experts warn that attackers are moving quickly to adopt AI-powered tools like Villager, emphasizing the need for defenders to stay ahead with AI-based security solutions.
In a recent development that has sent shockwaves through the cybersecurity community, an AI-powered penetration tool known as Villager has been downloaded over 10,000 times since its release in July. This tool, which is linked to a suspicious China-based company called Cyberspike, operates as a Model Context Protocol (MCP) client and integrates multiple security tools, including Kali Linux, which legitimate defenders use to automate penetration testing.
The Villager tool includes hundreds of tools that can be used to launch cyber attacks at scale. It also contains DeepSeek AI models to automate testing workflows, along with other AI components such as a database of 4,201 AI system prompts to generate exploits and mechanisms to make it difficult to detect. According to Dan Regalado, principal AI security researcher at Straiker, "Like Cobalt Strike, it can be used for legitimate purposes but it is also ready to be used maliciously without expertise needed since it is fully automated."
The tool's developer, a former capture the flag (CTF) player for the Chinese HSCSEC team, has left behind a trail of digital breadcrumbs that point to the involvement of a suspicious China-based company called Cyberspike. The company's domain is still being used by the Villager team, suggesting that they are still using the infrastructure.
Regalado and fellow researcher Amanda Rousseau analyzed the binaries of the Villager tool and discovered that it was related to AsyncRAT, a remote-access trojan with capabilities including remote desktop access, Discord account compromise, keystroke logging, webcam hijacking, and other surveillance functions. They also found that Cyberspike had integrated Mimikatz, a well-known hacktool, into its software suite.
The Villager tool can be used to launch attacks aimed at a single web application, using AI to adjust the exploit based on what it finds. It can also develop more complex, multi-tool attack chains, which are difficult for defenders to detect and respond to.
Regalado warned that attackers are moving quickly to adopt AI-powered tools like Villager. "Attackers are moving really fast, automating attacks with AI," he said. "Defenders should be also using AI-based products to defend at the same speed."
The discovery of Villager and Cyberspike has raised concerns among cybersecurity experts about the increasing use of AI-powered penetration tools by malicious actors. As the threat landscape continues to evolve, it is essential for defenders to stay ahead of the curve and adopt AI-powered security solutions to protect themselves against these emerging threats.
Related Information:
https://www.ethicalhackingnews.com/articles/Villager-The-AI-Powered-Penetration-Tool-Thats-Causing-Worry-Among-Cybersecurity-Experts-ehn.shtml
https://go.theregister.com/feed/www.theregister.com/2025/09/11/cobalt_strikes_ai_successor_downloaded/
Published: Thu Sep 11 13:20:28 2025 by llama3.2 3B Q4_K_M