(Image credit: Getty Images/sabelskaya)

Check Point Research (CPR), a cybersecurity investigative team, discovered a gnarly Android malware called FluHorse. This sickening, malicious software has the ability to mimic legitimate apps, luring unsuspecting victims to its deceptive lair.

Making matters worse, FluHorse can lie dormant in your device for months, remaining undetected and flying under your radar. Check Point Research investigators called the threat “persistent, dangerous and hard-to-spot.”

What can FluHorse do?

As mentioned, FluHorse’s modus operandi is mimicking genuine applications to mislead victims into its deceitful den. For example, investigators discovered that the malware masqueraded as a popular Taiwan-based toll collection app in Google Play. 

According to CPR, the attackers behind FluHorse often imitated major banking and transportation apps, but the report did not disclose the names of these malicious apps. Most of these FluHorse-infected apps, according to CPR, have more than 1,000,000 installs. Yikes!

“The malware operators made an effort to carefully mimic all the key interface details to avoid raising any suspicions,” the CPR report said.

Once FluHorse wiggles its way into a victim’s device, it can steal their credentials and two-factor authentication (2FA) codes. How? Firstly, once the imposter app is installed, it asks victims to allow it to send and view SMS messages. 

ETC app

ETC app (Image credit: Check Point Research)

Next, quarries are prompted to input their credentials (e.g., password and credit card details). At some point, a command-and-control server intercepts any incoming SMS traffic to snatch 2FA codes. See how the malware works step-by-step with the diagram provided below.

Check Point Research diagram

Check Point Research diagram (Image credit: Check Point Research)

How do these FluHorse-infected apps end up on users phones? A sophisticated phishing campaign that lures victims to install apps as an APK. “We traced infection chains for different types of malicious applications and discovered multiple high-profile entities among the recipient of these emails,” the report said.

CPR noted that the framework that underpins these malicious apps is Flutter, a Google-created open-source software development kit. The Eastern Asian markets, according to CPR, were the main targets of FluHorse, but that doesn’t mean you’re off the hook if you’re outside of that region.

As always, the moral of the story is to avoid installing Android apps from non-reputable third-party app stores, suspicious emails, and other risky channels. The Google Play Store has its drawbacks, but it’s a far safer platform than the aforementioned sources.


Back to Ultrabook Laptops



Apple 2022 MacBook Air Laptop... (opens in new tab)

Amazon (opens in new tab)


Lenovo - IdeaPad Duet 5... (opens in new tab)

Best Buy (opens in new tab)


ThinkPad X1 Yoga Gen 7 Intel... (opens in new tab)

Lenovo USA (opens in new tab)

(13.5-inch Intel Core i5)


HP Spectre x360 2-in-1 Laptop... (opens in new tab)

HP (US) (opens in new tab)


Microsoft Surface Laptop 3,... (opens in new tab)

Walmart (opens in new tab)


Acer Swift 5 (2022)... (opens in new tab)

Acer (opens in new tab)


14-inch MacBook Pro - Space... (opens in new tab)

Apple (opens in new tab)


Apple 14 (opens in new tab)

BHPhoto (opens in new tab)


Surface Laptop Studio - Intel... (opens in new tab)

Microsoft US (opens in new tab)


Microsoft Surface Laptop... (opens in new tab)

Target (opens in new tab)

Load more deals

Get instant access to breaking news, the hottest reviews, great deals and helpful tips.

Kimberly Gedeon, holding a Master’s degree in International Journalism, launched her career as a journalist for MadameNoire’s business beat in 2013. She loved translating stuffy stories about the economy, personal finance and investing into digestible, easy-to-understand, entertaining stories for young women of color. During her time on the business beat, she discovered her passion for tech as she dove into articles about tech entrepreneurship, the Consumer Electronics Show (CES) and the latest tablets. After eight years of freelancing, dabbling in a myriad of beats, she’s finally found a home at Laptop Mag that accepts her as the crypto-addicted, virtual reality-loving, investing-focused, tech-fascinated nerd she is. Woot!

The post New nasty Android malware can steal your 2FA codes — is your phone affected? first appeared on

New reasons to get excited everyday.

Get the latest tech news delivered right in your mailbox

New nasty Android malware can steal your 2FA codes — is your phone affected?

5 Reasons Why You Should Try Online Horse Race Betting

In many places around the world, horse races are an attraction that a lot of people love to watch. With the fast-paced action and thrill that each game provides, it is no longer surprising to know that millions of fans have grown fond of it.

You may also like

Notify of
Inline Feedbacks
View all comments