Linked to the alias zxcr9999 on Telegram, who operates the "Condi Network" channel.

It scans for and terminates processes from other competing botnets (and older versions of Condi) to ensure it has sole control of the device's resources.

It primarily spreads via CVE-2023-1389 , an unauthenticated command injection and Remote Code Execution (RCE) flaw in the router's web management interface. Key Capabilities:

Condi is a malware that allows users to either rent the botnet for attacks or purchase its source code to run their own operations.