A new AI-powered hacking tool called ‘Villager’ is being used by attackers to automate complex cyberattacks, researchers have warned.
Developed by China-based group Cyberspike, Villager mimics legitimate penetration testing tools but uses AI to adapt attacks in real time. It runs on Kali Linux, is powered by DeepSeek v3, and has been downloaded over 10,000 times since July 2025.
Unlike older tools like Cobalt Strike, Villager can exploit vulnerabilities based on natural language prompts, detect a target’s setup, and select the most effective method of attack. It creates temporary containers that delete themselves after 24 hours to avoid detection.
Researchers say this dramatically lowers the skill level required to carry out advanced attacks, making it easier for inexperienced hackers to breach systems and establish persistence.
Businesses can protect themselves by patching known vulnerabilities, using strong endpoint detection and response (EDR) tools, and monitoring for suspicious automated activity, especially container-based processes.
