Researchers suspect a mobile advertising network has been used to point hundreds of thousands of smartphone browsers at a website with the aim of knocking it offline.
According to distributed denial-of-service protection service CloudFlare, one customer's site recently came under fire from 4.5 billion page requests during a few hours, mostly from smartphone browsers on Chinese IP addresses.
Analysing the log files, Majkowski found the smartphone browser attack peaked at over 275,000 HTTP requests per second, with 80 percent coming from mobile devices and 98 percent from a Chinese IP address. The logs also reveal mobile versions of Safari, Chrome, Xiaomi's MIUI browser, and Tencent's QQBrowser.
"Strings like 'iThunder' might indicate the request came from a mobile app. Others like 'MetaSr', 'F1Browser', 'QQBrowser', '2345Explorer', and 'UCBrowser' point towards browsers or browser apps popular in China," Majkowski said.
Here's how the attack works: when a user opens an app or browses the web, they are served an iframe with an ad whose content was requested from an ad network. The ad network then forwards the request to a third-party that successfully bids for that inventory and then forwards the user to an attack page.