IoT devices, specifically TP-Link Archer AX21 (AX1800) routers.
It primarily spreads via CVE-2023-1389 , an unauthenticated command injection and Remote Code Execution (RCE) flaw in the router's web management interface. Key Capabilities: CondiV3-KingOfZero.rar
The malware typically does not survive a system reboot. To counter this, it deletes system binaries (like /usr/sbin/reboot or /usr/bin/shutdown ) to prevent the user from restarting the device. To counter this, it deletes system binaries (like
It scans for and terminates processes from other competing botnets (and older versions of Condi) to ensure it has sole control of the device's resources. "KingOfZero" likely refers to the developer or distributor
CondiV3-KingOfZero.rar appears to be a compressed archive containing source code or binaries for , a Mirai-based Distributed Denial-of-Service (DDoS) botnet. "KingOfZero" likely refers to the developer or distributor of this specific version. Malware Profile: Condi Botnet