CondiV3-KingOfZero.rar
Condi is malware that users can either rent as a botnet for attacks or buy as source code to run their own operations.
It targets IoT devices, specifically TP-Link Archer AX21 (AX1800) routers.
It primarily spreads via CVE-2023-1389, an unauthenticated command injection and remote code execution (RCE) flaw in the router's web management interface.
Key Capabilities:
It scans for and terminates processes from other competing botnets (and older versions of Condi) to ensure it has sole control of the device's resources.
Ensure your TP-Link Archer AX21 is updated to the latest firmware (at least version 1.1.4 Build 20230219) to patch the exploited vulnerability.
The malware typically does not survive a system reboot. To counter this, it deletes system binaries (like /usr/sbin/reboot or /usr/bin/shutdown) to prevent the user from restarting the device.
Once infected, devices are used to launch coordinated HTTP and binary-based DDoS attacks against targets.
Origin & Distribution
Condi is linked to the alias zxcr9999 on Telegram, who operates the "Condi Network" channel.
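A triage sketch for the two defender-side checks described above, the firmware floor and the deleted restart binaries. This is an added example, not code from Condi or TP-Link. It assumes the firmware string has the form "X.Y.Z Build YYYYMMDD" and that the clean firmware ships the listed paths, so confirm that against a known-good image before treating a missing file as an indicator.

```sh
#!/bin/sh
# Added triage example, not Condi or TP-Link code.
PATCHED_VER="1.1.4"          # firmware floor quoted in the text
PATCHED_BUILD="20230219"
RESTART_BINARIES="/usr/sbin/reboot /usr/bin/shutdown"   # paths named in the text

# ver_ge A B: succeed when dotted numeric version A >= B.
ver_ge() {
    a=$1; b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}
        if [ "$a" = "$x" ]; then a=; else a=${a#*.}; fi
        if [ "$b" = "$y" ]; then b=; else b=${b#*.}; fi
        x=${x:-0}; y=${y:-0}
        [ "$x" -gt "$y" ] && return 0
        [ "$x" -lt "$y" ] && return 1
    done
    return 0
}

# firmware_is_patched "1.1.4 Build 20230219": 0 = at/above floor, 1 = below, 2 = unparseable.
# Assumption: the firmware string has the form "X.Y.Z Build YYYYMMDD".
firmware_is_patched() {
    parsed=$(printf '%s\n' "$1" | sed -n 's/^ *\([0-9][0-9.]*\) Build \([0-9]\{8\}\).*$/\1 \2/p')
    [ -n "$parsed" ] || return 2
    fw_ver=${parsed% *}; fw_build=${parsed#* }
    ver_ge "$fw_ver" "$PATCHED_VER" || return 1     # older version
    ver_ge "$PATCHED_VER" "$fw_ver" || return 0     # strictly newer version
    [ "$fw_build" -ge "$PATCHED_BUILD" ]            # same version: compare build date
}

# missing_restart_binaries [ROOT]: print each restart binary absent under ROOT
# (live "/" or an extracted filesystem image); return 1 if any is missing.
missing_restart_binaries() {
    root=${1:-/}; found_missing=0
    for bin in $RESTART_BINARIES; do
        path="${root%/}$bin"
        if [ ! -e "$path" ] && [ ! -L "$path" ]; then
            echo "MISSING: $bin"
            found_missing=1
        fi
    done
    return "$found_missing"
}
```

Pass an extracted filesystem root as ROOT to run the binary check offline against a device image instead of on the router itself.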