- Villager is an AI-native pentest tool with 10,000 downloads, which probably include threat actors
- Automates attacks with Kali Linux and DeepSeek AI, raising dual-use concerns
- Cyberspike, its creator, has links to malware and Chinese hacker circles
Is the world ready for AI-powered persistent threat actors (AIPT)? We are about to find out, since a Chinese company has built and released an AI-native pentesting tool.
It has been downloaded approximately 10,000 times in the last two months, indicating rapid adoption.
Those downloading the tool most likely include threat actors as well.
Widely adopted
This is the conclusion of a new report published by the Straiker security team. Its researchers, Grover and Amanda Rousseau, observed a new tool called Villager. They describe it as an AI-powered successor to Cobalt Strike, integrating tools such as Kali Linux and DeepSeek AI to automate offensive security operations.
“Originally positioned as a red team offering, Cyberspike has launched an AI-enabled MCP automation tool called “Villager” that combines Kali Linux toolsets with DeepSeek AI models to completely automate testing workflows,” the researchers warned.
“Quick public availability and automation capabilities create a realistic risk that Villager will follow the trajectory of Cobalt Strike: tools developed commercially or legitimately being widely adopted by threat actors for malicious campaigns.”
Widely adopted it is. The tool is available for free on PyPI, the largest Python package index in the world, and has been downloaded almost 10,000 times since its launch in July.
Straiker also states that Cyberspike, the company behind Villager, is shady at best and possibly a threat actor dedicated to malware distribution. At the moment, it does not have an official website, but it used to have one two years ago, and at that time it was offering a product called Cyberspike.
Subsequently, its toolset and arsenal were uploaded to VirusTotal and flagged as AsyncRAT, a dangerous and well-established remote access trojan. There were also traces of Mimikatz, a Windows tool that extracts passwords stored in memory.
The Register added more weight to the suspicions of an elaborate ruse, reporting that the author of the tool is a former capture-the-flag player for the Chinese HSCSEC team. This “is significant because these competitions in China provide a recruitment and training pipeline for qualified hackers and the Beijing cybersecurity and intelligence agencies that seek to hire them,” the publication concluded.
Via The Register