Security Experts:

Connect with us

Hi, what are you looking for?


Application Security

DDoS Attack Tool Goes Mobile to Google Android

LOIC DDoS Attack Tool Now Available for Google Android Devices

LOIC DDoS Attack Tool Now Available for Google Android Devices

Distributed-denial-of-service (DDoS) attacks have become a favorite weapon of hacktivists in the past several years, and especially recently. But while such attacks are typically launched from an army of PCs, researchers at McAfee have found a new app for Android that ports the infamous low orbit ion cannon (LOIC) tool over to mobile devices.

LOIC works by sending a large amount of TCP/UDP packets to a specific URL, explained Carlos Castillo, a malware researcher with McAfee. Besides the new Android version, the tool has also been ported to JavaScript to perform a denial-of-service directly from the browser. Porting the tool over to Android was made easy by the fact that it was generated using a free online service that creates Android apps with just a URL, HTML code or document file, Castillo blogged.

“In this case, the attack was created with only the URL of a specific pastehtml website that has a JavasScript version of LOIC to perform a DoS attack against the Argentinian government,” he wrote. “The attack is part of the operation #opargentina, run by an Anonymous cell in South America.”

“When it is executed, a WebView component shows the contents of the URL, which is basically an HTML web page with a JavaScript that sends 1,000 HTTP requests with the message “We are LEGION!” as one of the parameters,” he added.

‘We are LEGION’ is a common slogan used by members of Anonymous.

Recently, application delivery and security provider Radware released a report that noted that while large DDoS attacks often get the most publicity, many organizations are victimized by less intensive attacks that do plenty of damage. For example, the company found 76 percent of the attacks it analyzed from 2011 were less than 1Gbps in bandwidth, and 32 percent were less than 10 Gbps. Just nine percent of the attacks were more than 10 Gbps in bandwidth.

“Creating Android applications that perform DoS attacks is now easy: It requires only the URL of an active web LOIC–and zero programming skills–thanks to automated online tools,” Castillo wrote. “Because the application’s purpose is simply to display any website on an Android system, we classify this hack tool a potentially unwanted program (PUP). If you have enabled PUP detection (our default setting), then McAfee Mobile Security for Android will detect this tool as Android/DIYDoS.”

Related: AntiSec Takes Down FTC and Consumer Protection Websites

Related Resource: The Business Case for Managed DDoS Protection

Related: DDoS Attacks – Size Doesn’t Matter, Says Radware

Written By

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.


Websites of German airports, administration bodies and banks were hit by DDoS attacks attributed to Russian hacker group Killnet

Network Security

NSA publishes guidance to help system administrators identify and mitigate cyber risks associated with transitioning to IPv6.

Identity & Access

Hackers rarely hack in anymore. They log in using stolen, weak, default, or otherwise compromised credentials. That’s why it’s so critical to break the...

Application Security

Drupal released updates that resolve four vulnerabilities in Drupal core and three plugins.

Mobile & Wireless

Apple rolled out iOS 16.3 and macOS Ventura 13.2 to cover serious security vulnerabilities.

Mobile & Wireless

Technical details published for an Arm Mali GPU flaw leading to arbitrary kernel code execution and root on Pixel 6.

Application Security

A CSRF vulnerability in the source control management (SCM) service Kudu could be exploited to achieve remote code execution in multiple Azure services.