Use of Facebook UDP Priming Revealed in Unencrypted UDP Connection to port 33000

Early this year we observed suspicious UDP connections to port 33000 in a mobile device. This traffic contained a Facebook URL that included a Facebook Graph token, and it was sent unencrypted over the network. In this blog post we show details of this traffic, what information is leaked, and who is affected. We have reported this behavior to Facebook, who confirmed this traffic is part of Facebook’s normal behavior.

Facebook User Token Leaked in unencrypted UDP Connection

Early this year we observed suspicious UDP connections to port 33000 in a mobile device. This traffic contained a Facebook URL that included a Facebook Graph token, and it was sent unencrypted over the network. In this blog post we show details of this traffic, what information is leaked, and who is affected. We have reported this behavior to Facebook, who confirmed this traffic is part of Facebook’s normal behavior.

Reversing my first malware

I am Kamila, a first-year student of Computer Science and Electrical Engineering at CTU (Czech Technical University in Prague). I recently joined the Civilsphere team as a Malware Reverser. So, this blog will be about my first small project in analyzing a particular malware, its actions, and understanding what it does.