Installation of the malware in targeted routers facilitates the deployment of a cd00r variant scanning for five network signals, which when received triggers reverse shell creation on the local file system, enabling device takeover, data exfiltration, and additional malware compromise, according to an investigation by Black Lotus Labs researchers.