Early this year we observed suspicious UDP connections to port 33000 on a mobile device. This traffic contained a Facebook URL that included a Facebook Graph token, and it was sent unencrypted over the network. In this blog post we show details of this traffic, what information is leaked, and who is affected. We have reported this behavior to Facebook, who confirmed that this traffic is part of Facebook's normal behavior.
Reversing my first malware
I am Kamila, a first-year student of Computer Science and Electrical Engineering at CTU (Czech Technical University in Prague). I recently joined the Civilsphere team as a Malware Reverser. So, this blog will be about my first small project in analyzing a particular malware, its actions, and understanding what it does.
Mobile (in)Security Series: location leaked over the network by an Android application
Report: Malware attacks on Linux servers to run cryptocurrency miners. A real case analysis.
In February 2018, we started investigating a security breach in one of our partner organisations. The analysis led us to discover a long pattern of attacks against several web servers in the same organisation. The final goal of the attacks: exploiting the computational power of the servers to mine cryptocurrency.
CivilSphere: free malware detection for NGOs, journalists, and people at risk
The CivilSphere Project was born at the Stratosphere IPS laboratory, Czech Technical University (CTU), in early 2018. We believe that NGOs' work is a critical asset for our society, protecting human rights and civil liberties. It is their critical work that makes them a highly valuable political target for a wide variety of powerful actors.