- Villager is an AI-native pentest tool with around 10,000 downloads, probably including some by threat actors
- It automates attacks using Kali Linux and DeepSeek AI, raising dual-use concerns
- Cyberspike, its creator, has links to malware and Chinese hacker circles
Is the world ready for AI-powered persistent threat actors (AIPT)? We are about to find out, because a Chinese company has recently built and published a tool for AI-native pentesting.
It has been downloaded around 10,000 times in the past two months, indicating rapid adoption.
Threat actors are among those downloading the tool.
Widely adopted
This is the conclusion of a new report published by Straiker. Its researchers, Dan Regalado and Amanda Rousseau, observed a new tool called Villager. They describe it as an AI-powered successor to Cobalt Strike, integrating tools like Kali Linux and DeepSeek AI to automate offensive security operations.
“Originally positioned as a red team offering, Cyberspike has published an MCP-compatible, AI-supported automation tool called “Villager” which combines Kali Linux tools with DeepSeek models to fully automate testing workflows,” warned the researchers.
“The rapid and public availability and automation capabilities create a realistic risk that Villager will follow the Cobalt Strike trajectory: tools developed commercially or legitimately are widely adopted by threat actors for malicious campaigns.”
It is widely adopted. The tool is available for free on PyPI, the largest Python package index in the world, and it has been downloaded almost 10,000 times since its release in July.
Straiker also claims that Cyberspike, the company behind Villager, is at best shady, and most likely a threat actor engaged in the distribution of malware. It currently has no official website, but it had one two years ago, and at the time it offered a product called Cyberspike.
Its entire toolset and arsenal were then uploaded to VirusTotal and flagged as AsyncRAT, a dangerous and well-established remote access trojan. There were also traces of Mimikatz, a Windows exploitation tool that extracts passwords stored in memory.
The Register has added more weight to the suspicions of an elaborate hack, reporting that the author of the tool is a former capture-the-flag player for the Chinese HSCSEC team. This “is important because these competitions in China provide a recruitment and training pipeline for skilled hackers, and cybersecurity and intelligence agencies in Beijing that seek to hire them,” concluded the publication.
Via The Register