One-Click Attack: New Hacking Tool Contains Kali Linux and Self-Destruct Feature

10,000 developers have already downloaded this "legitimate" tool for automated attacks.

Specialists from Straiker have reported on a new tool named Villager, which has been downloaded nearly 10,000 times from the official PyPI repository since its release in July. The program is positioned as a Model Context Protocol client and combines dozens of network auditing tools, but simultaneously contains everything needed to carry out attacks in a fully automated mode. Similar to Cobalt Strike, Villager can be used for legitimate purposes as well as an offensive platform for threat actors who don't even require deep technical expertise.
Villager includes containers with Kali Linux, hundreds of analysis and exploitation tools, and integration with DeepSeek language models. The developers added an extensive database of 4,201 pre-prepared queries for generating exploits, allowing the system to autonomously tailor attacks to specific targets. Additionally, mechanisms for advanced detection evasion, automatic creation of isolated containers for scanning and testing, as well as a self-destruct function that deletes the container after 24 hours to hide traces, have been implemented.
Villager can reconfigure its attack strategy in real-time: if WordPress is detected, WPScan is automatically launched; if an API endpoint is found, browser automation is activated to test authentication. If a client-side prototype pollution vulnerability is detected, the tool generates a payload, monitors network traffic, and, if successful, establishes persistence in the system. The Straiker report provides examples of multi-step attack chains: from initial scanning to the deployment of persistence mechanisms.
The investigation revealed that the project is linked to the Chinese organization Cyberspike, registered under the company Changchun Anshanyuan Technology Co. in November 2023. Despite having a formal address and registration, the company has no proper website or published employee data, and the site it once had went offline in early 2024. An earlier Cyberspike product line was uploaded to VirusTotal, where specialists identified embedded AsyncRAT and plugins for well-known tools such as Mimikatz. Analysis confirmed that Cyberspike was essentially repackaging known malware as a pentesting kit for potential offensive operations.
The author of Villager, using the handle @stupidfish001, previously participated in the Chinese CTF team HSCSEC. Researchers note that these competitions traditionally serve as a channel for training specialists and recruiting them into structures associated with cyber operations. Chinese comments are found in Villager's code, and the service continues to use the company's domain, indicating the active use of its infrastructure.
Since July, Straiker has observed a steady stream of downloads, roughly 200 every three days. In total, installations have reached 9,952 across different operating systems, including Linux, macOS, and Windows. Meanwhile, the product remains openly available and continues to be distributed via PyPI.
According to the specialists, threat actors are rapidly adopting AI for attack automation, and the speed of this shift requires companies to respond symmetrically, deploying their own AI-based defensive solutions with the same level of responsiveness.