This DeepSeek-powered pen testing tool could be a Cobalt Strike successor – and hackers have downloaded it 10,000 times since July
‘Villager’ is a China-developed tool that can dynamically adapt attacks to breach the domains and devices of victims
Hackers are deploying a new AI-native penetration testing tool for sophisticated attacks in an industry first, according to new research.
Cybersecurity firm Straiker has warned that ‘Villager’, a tool developed by a China-based red team project known as Cyberspike, is already being used to automate attacks under the guise of penetration testing.
Villager leverages the Kali Linux toolsets and DeepSeek v3 to automate attacks, and is easily accessible via the official Python Package Index (PyPI).
Based on user prompts it can exploit vulnerabilities in a given domain, launch attacks using multiple tools to ensure a victim is breached, and establish persistence for attackers in compromised systems.
“The framework's most dangerous innovation lies not in any single capability, but in how it seamlessly integrates multiple attack vectors through intelligent task orchestration,” wrote Dan Regalado, principal AI security researcher at Straiker, and Amanda Rousseau, member of technical staff at Straiker.
“By combining containerized Kali environments, browser automation, direct code execution, and a 4,201-prompts vulnerability database, all coordinated by AI decision-making, the framework dramatically lowers the technical barrier for conducting complex attacks.”
Researchers at Straiker compared Villager to Cobalt Strike, a legitimate penetration testing tool that has been widely used by hackers for illegitimate purposes.
In March, Fortra and Microsoft announced an “aggressive campaign” against hackers using Cobalt Strike across over 200 malicious domains. Malicious use of the tool on a daily basis dropped 80% as a result.
Villager pen testing tool is a step above Cobalt Strike
Unlike the scripted attacks possible via Cobalt Strike, the AI-powered Villager is capable of complex attacks based on natural language prompts.
For example, researchers noted that when Villager detects a victim’s domain using WordPress, it will launch an attack using the WordPress vulnerability scanner WPScan, for which it creates a custom Kali container.
If an API endpoint is detected, on the other hand, Villager may use browser automation to attempt a breach through a victim’s authentication workflow.
Each successful step is verified by the tool, which can dynamically adapt its vector depending on the context of the attack. Similarly, each Kali Linux container Villager creates, which can contain a range of cybersecurity tools, has built-in mechanisms to wipe themselves after 24 hours to prevent detection.
The tools’s command and control (C2) system, accessed via its Python-based FastAPI connection, ensures each attack is broken into manageable subtasks that are handled by its AI model.
Outputs are standardized using the data validation library Pydantic, researchers added. This ensures each decision Villager makes is reliable and follows on from its previous steps.
All of this points to an organic, sophisticated methodology that opens the door to more attacks from inexperienced attackers, researchers warned. Since it was published on PyPI in July 2025, Villager has been downloaded more than 10,000 times.
The authors at Straiker warned the tool could lead to more automated attacks by hackers using off the shelf tools. They also cautioned that attacks of this kind could speed up the rate at which attackers can discover new vulnerabilities and exploit them, shrinking the detection and response window for cybersecurity teams.
Straiker tracked Cyberspike as having first appeared on a domain established in November 2023, by the supposed AI firm Changchun Anshanyuan Technology Co.
The authors wrote that no evidence of such a company exists on Chinese social media, though archived pages show it sold Cyberspike as a remote administration tool (RAT) in 2023.
Make sure to follow ITPro on Google News to keep tabs on all our latest news, analysis, and reviews.
MORE FROM ITPRO
- Hackers are duping developers with malware-laden coding challenges
- Anthropic admits hackers have 'weaponized' its tools
- Hackers are using AI to dissect threat intelligence reports and ‘vibe code’ malware
-
IT leaders are being stung by "unexpected" AI costsNews The growing costs associated with AI are hitting organizations large and small
-
'Botsitting' is destroying productivity as workers spend nearly a full day each week making AI 'usable'News While workers are reporting productivity improvements, ‘botsitting’ means these are often negated
-
'Most enterprises are still unprepared to operationalize it': IT leaders are bullish on agents, but keeping falling at the final hurdle – here's whyNews Forrester points to challenges scaling agentic AI, saying companies start rolling out the tech before they're ready to scale
-
‘Chat is dead’: OpenAI plots ChatGPT ‘super app’ overhaul ahead of public listing – with agents and coding tools the new focusNews The company looks set to spruce up ChatGPT with a particular focus on agents to drive subscriptions
-
Uber’s eye-watering AI bill shows enterprises are ‘still measuring AI success through consumption rather than outcomes’ – and it's warping our perception of ROI and productivityNews ‘Tokenmaxxing’ might pad the stats, but it’s a trend that could come back to haunt enterprises
-
Destination AI: Una partnership affidabile per superare gli ostacoli e gettare le basi per la crescita futuraSponsored Con l'accelerazione dell'adozione dell''AI aziendale, i partner IT devono spostare la loro attenzione dall'hype tecnologico ai risultati aziendali tangibili, sfruttando ecosistemi strutturati per promuovere la monetizzazione a lungo termine
-
Le programme Destination AI : un partenariat de confiance pour surmonter les obstacles et poser les bases de votre croissance future
Sponsored Alors que l'adoption de l'IA en entreprise s'accélère, les partenaires informatiques doivent réorienter leurs priorités : délaisser le battage technologique au profit de résultats commerciaux concrets, en exploitant des écosystèmes structurés pour assurer une monétisation à long terme
