
A new artificial intelligence (AI)-powered penetration testing tool linked to a China-based company has collected nearly 11,000 downloads on the Python Package Index (PyPI) repository, raising concerns that it could be repurposed by cybercriminals for malicious purposes.
The framework, called Villager, is assessed to be the work of Cyberspike, which offers the tool as a red teaming solution to automate test workflows. The package was first uploaded to PyPI in late July 2025 by a user named ScimalFish001, a former Capture the Flag (CTF) player for the Chinese HSCSEC team.
“The rapid, public availability and automation capabilities create a realistic risk that Villager will follow the trajectory of Cobalt Strike: commercially or legally developed tooling becoming widely adopted by threat actors for malicious campaigns.”
The emergence of Villager comes shortly after Check Point revealed that threat actors are trying to leverage another new AI-assisted offensive security tool called HexStrike AI to exploit recently disclosed security flaws.

With the advent of generative AI (aka GenAI) models, threat actors are leveraging the technology for social engineering, technical, and information operations in ways that are likely to contribute to increased speed, access to expertise, and scalability.
One important advantage of relying on such tools is that they lower the barrier to exploitation and reduce the time and effort required to carry out such attacks. What once required highly skilled operators and weeks of manual development can be automated using AI, giving bad actors assistance with exploitation, payload delivery, and even infrastructure setup.
“Exploitation can be parallelized on a large scale, with agents scanning thousands of IPs simultaneously,” Check Point said recently. “Decisions will become adaptive. Failed exploit attempts can be automatically retried with variations until successful, increasing the overall exploitation yield.”
The fact that Villager is available as an off-the-shelf Python package means that it gives attackers an easy way to integrate the tool into their workflows, Straiker said, citing “concerns about the evolution of AI-driven attack tools.”
Cyberspike first appeared in November 2023, when the domain “Cyberspikes[.]Top” was registered under Changchun Anshanyuan Technology Co., Ltd., a China-based AI company. However, the only source of information about what the company does comes from a Chinese talent service platform called Liepin, raising questions about the people behind it.

Snapshots of the domain captured on the Internet Archive reveal that the tool is marketed as a network attack simulation and post-penetration testing tool, helping organizations assess and strengthen their cybersecurity posture.
Once installed, Cyberspike incorporates plugins that are components of a remote access tool (RAT), allowing invasive victim monitoring and control through remote desktop access, Discord account compromise, keystroke logging, webcam hijacking, and other surveillance features. Further analysis revealed similarities with a known RAT called AsyncRAT.
“Cyberspike integrates AsyncRAT with its red teaming products and also features additional plugins for well-known hack tools like Mimikatz,” says Straiker. “These integrations show how Cyberspike repackaged established hack and attack tools into a turnkey framework designed for penetration testing and perhaps malicious operations.”
Villager appears to be Cyberspike’s latest product. It acts as a Model Context Protocol (MCP) client and integrates with Kali Linux toolsets, LangChain, and DeepSeek's AI models to automate test workflows, handle browser-based interactions, issue commands in natural language, and convert them to technical equivalents.

In addition to leveraging a database of AI system prompts to generate exploits and make real-time decisions in penetration tests, the AI-native penetration testing framework automatically creates isolated Kali Linux containers for network scans, vulnerability assessments and penetration testing, and destroys them after 24 hours, covering up the activity.
“The temporary nature of these containers, combined with randomized SSH ports, makes AI-powered attack containers difficult to detect, complicating forensic analysis and threat attribution,” the researchers noted.
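One defensive angle on the container behaviour described above, as an added example that is not from Straiker's report or from Villager itself: it scans Docker daemon events for Kali-based containers that were destroyed within 24 hours or are still running, so responders can collect evidence before teardown. The events are constructed sample data, and matching on the substring "kali" in the image name is an assumption, since the page does not say which image the framework uses.

```python
import json

# Constructed sample in the JSON shape of `docker events --format '{{json .}}'`.
# IDs, container names and the registry.example image are made up for this example.
SAMPLE_EVENTS = """\
{"Type":"container","Action":"create","Actor":{"ID":"a1","Attributes":{"image":"kalilinux/kali-rolling","name":"scan-7f3"}},"time":1757300000}
{"Type":"container","Action":"create","Actor":{"ID":"b2","Attributes":{"image":"nginx:1.27","name":"web"}},"time":1757300100}
{"Type":"container","Action":"destroy","Actor":{"ID":"a1","Attributes":{"image":"kalilinux/kali-rolling","name":"scan-7f3"}},"time":1757386400}
{"Type":"container","Action":"create","Actor":{"ID":"c3","Attributes":{"image":"registry.example/kali-custom:latest","name":"job-19"}},"time":1757390000}
{"Type":"container","Action":"destroy","Actor":{"ID":"b2","Attributes":{"image":"nginx:1.27","name":"web"}},"time":1757400000}
"""

MAX_LIFETIME = 24 * 3600   # 24-hour teardown window mentioned in the article
IMAGE_MARKERS = ("kali",)  # assumption: identify Kali images by name substring


def find_ephemeral_kali(event_lines, now):
    """Return Kali-image containers destroyed within MAX_LIFETIME or still running."""
    created, findings = {}, []
    for raw in event_lines.splitlines():
        try:
            ev = json.loads(raw)
        except json.JSONDecodeError:
            continue  # skip blank or truncated lines instead of aborting the scan
        if ev.get("Type") != "container":
            continue
        actor = ev.get("Actor", {})
        cid, attrs = actor.get("ID"), actor.get("Attributes", {})
        image = attrs.get("image", "").lower()
        if ev.get("Action") == "create" and any(m in image for m in IMAGE_MARKERS):
            created[cid] = (ev["time"], image, attrs.get("name", ""))
        elif ev.get("Action") == "destroy" and cid in created:
            start, image, name = created.pop(cid)
            lifetime = ev["time"] - start
            if lifetime <= MAX_LIFETIME:
                findings.append({"id": cid, "name": name, "image": image,
                                 "lifetime_s": lifetime, "state": "destroyed"})
    # Containers never destroyed are still live: evidence can be captured now.
    for cid, (start, image, name) in created.items():
        findings.append({"id": cid, "name": name, "image": image,
                         "lifetime_s": now - start, "state": "running"})
    return findings


if __name__ == "__main__":
    for finding in find_ephemeral_kali(SAMPLE_EVENTS, now=1757400000):
        print(finding)
```

Because destroyed containers leave little on disk, this only works if daemon events are forwarded off the host as they occur.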
Command-and-control (C2) is achieved through a FastAPI interface that handles incoming tasks, while the Python-based Pydantic AI agent platform is used to standardize outputs.
“Villager reduces the skills and time required to run sophisticated and aggressive toolchains, allowing less skilled actors to carry out more advanced intrusions,” the researchers said. “Track-based architectures show fundamental changes in the way AI dynamically organizes tools based on targets rather than following rigid attack patterns.”
“Automatic reconnaissance, exploitation attempts, and increased frequency and speed of subsequent activities can create a burden of detection and response across the enterprise.”