Cybercriminals send new phishing campaigns impersonating Flipper Zero to target cyber professionals.

Phishing is on the rise. Recently, there has been a surge of social media accounts and fake websites claiming to sell the highly sought-after hacking tool called Flipper Zero. These accounts and websites attempt to lure cybersecurity experts into making cryptocurrency transactions under pretenses. This type of scam, known as angler phishing, involves impersonating official company social media accounts to interact with customers. Security researcher Dominic Alvieri discovered this particular campaign on December 2, 2022. Alvieri alerted the public about three different Twitter accounts and two websites pretending to be the official Flipper Zero vendor. These accounts and websites attempted to trick potential buyers into sending cryptocurrencies without providing the Flipper Zero product in exchange. Individuals need to be cautious when making transactions online. Before proceeding with any transactions, one should verify the authenticity of any accounts or websites.

What is phising?

Phishing is a type of cyber attack that involves tricking people into providing sensitive information, such as login credentials or financial data, to a fake website or email. It typically starts with sending fraudulent messages that appear to be from a legitimate source, such as a bank or a popular online service. Phishing aims to steal sensitive information or install malware on a victim’s device.

What investigations have revealed about this phishing attack?

Upon further investigation, the researcher discovered something shocking. The seemingly legitimate Twitter account was a fake account created only a few months ago. The fake account had a similar appearance to the official Flipper Zero account. On closer examination, the researcher noticed that the handle of the fake account used a capital “I” instead of a lowercase “l” after the “F.” The threat actor behind this fake account appears to have utilized various tactics to scam individuals. These threats include linking the store checkout page to Bitcoin and Ethereum wallets. This was done using plisio.net invoices to accept cryptocurrency payments. This shows that the threat actor is skilled at creating fake accounts and well-versed in using various methods for accepting and receiving payments through cryptocurrency.

What’s the challenge for Flipper Zero?

Flipper Zero is a compact cybersecurity device. It resembles a child’s toy but is packed with various beneficial features for hackers, pen-testers, and cybersecurity enthusiasts. These features include the ability to emulate RFID signals, clone digital entry keys. It also has features like transmitting radio communications, NFC technology, infrared capabilities, Bluetooth connectivity, and more. The tool was initially introduced through a Kickstarter campaign in 2020. It received overwhelming support, with $4,882,784 in pledges, which is 81 times the company’s original goal. However, over the past year, the production of Flipper Zero has faced numerous challenges. These challenges lead to shortages in supply and an inability to meet the growing demand for the tool. and now the new challenge comes in – Phishing.

In September 2022, the electronic payments platform PayPal caused significant issues for the venture when they held back income, which amounted to $1.3 million meant to be used for purchasing new output batches. This put the venture’s production at risk, as there was a gap between the high demand for their products and their limited supply. The situation was further exacerbated by the fact that one online store and two of the three fake Twitter accounts associated with the venture were still active at the time of writing. This issue with PayPal and the presence of fake accounts contributed to the danger facing the venture.