• A mysterious Chinese AI pentesting tool has appeared online, with

    From TechnologyDaily@1337:1/100 to All on Fri Sep 12 17:00:10 2025
    A mysterious Chinese AI pentesting tool has appeared online, with over 10,000 downloads so far

    Date:
    Fri, 12 Sep 2025 15:46:00 +0000

    Description:
    The developers built malware before and participated in competitions used as recruiting platforms for Chinese state hackers.

    FULL STORY
    ======================================================================
    Villager is an AI-native pentest tool with ~10,000 downloads, likely including threat actors.
    It automates attacks using Kali Linux and DeepSeek AI, raising dual-use concerns.
    Cyberspike, its creator, has ties to malware and Chinese hacker circles.

    Is the world ready for AI-powered Persistent Threat Actors (AIPT)? We're about to find out, as a Chinese company recently built and released an AI-native pentesting tool.

    It's been picked up approximately 10,000 times in the last two months, signaling rapid adoption.

    Among the people downloading the tool are, most likely, threat actors as well.

    Widely adopted

    This is the conclusion of a new report published by the security outfit Straiker. Its researchers, Dan Regalado and Amanda Rousseau, observed a new tool called Villager. They're describing it as an AI-powered successor to Cobalt Strike, integrating tools like Kali Linux and DeepSeek AI to automate offensive security operations.

    Originally positioned as a red-team offering, Cyberspike has released an AI-enabled, MCP-supported automation tool called "Villager" that combines
    Kali Linux toolsets with DeepSeek AI models to fully automate testing workflows, the researchers warned.

    The rapid, public availability and automation capabilities create a realistic risk that Villager will follow the Cobalt Strike trajectory: commercially or legitimately developed tooling becoming widely adopted by threat actors for malicious campaigns.

    Widely adopted it is. The tool is freely available on PyPI, the world's biggest Python Package Index, and it has been downloaded nearly 10,000 times since its release in July.

    Straiker also claims that Cyberspike, the company behind Villager, is shady at best, and quite possibly a threat actor engaged in distributing malware. At the moment, it doesn't have an official website, but it used to have one two years ago, and back then, it was offering a product called Cyberspike.

    Its entire toolset and arsenal were subsequently uploaded to VirusTotal and flagged as AsyncRAT, a dangerous and well-established remote access trojan. There were also traces of Mimikatz, an exploit for Windows that extracts passwords stored in memory.

    The Register added more weight to the suspicions of an elaborate hack, reporting that the tool's author is a former capture the flag player for the Chinese HSCSEC team. This is significant because these competitions in China provide a recruiting and training pipeline for skilled hackers and Beijing's cybersecurity and intelligence agencies looking to hire them, the publication concluded.

    Via The Register



    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/a-mysterious-chinese-ai-pentesting-tool-has-appeared-online-with-over-10-000-downloads-so-far


    --- Mystic BBS v1.12 A49 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)