A new phishing campaign is exploiting the increasing interest of members of the security community in Flipper Zero to steal their personal information and cryptocurrencies.
Flipper Zero is a portable multifunctional cybersecurity tool for pen testers and hacker enthusiasts. This tool allows researchers to work with a wide range of equipment, supporting RFID emulation, digital key cloning, radio, NFC, infrared, Bluetooth, and more.
The developers launched the device after a hugely successful 2020 Kickstarter campaign that beat the $60,000 funding goal by 81 times after receiving $4,882,784 in pledges.
Since then, demonstrations by security researchers of Flipper Zero's endlessly fun and somewhat intimidating features on social media have helped create a lot of buzz around the device, raising the interest of budding hackers and researchers. However, last year the product was hampered by production problems that caused a shortage of supply, making it impossible to meet the still-growing demand.
Attackers are now taking advantage of the huge interest in Flipper Zero and its absence, setting up fake shops pretending to sell it. These phishing campaigns were discovered by security analyst Dominic Alvieri, who uncovered three fake Twitter accounts and two fake Flipper Zero stores.
At first glance, it appears that one of the fake Twitter accounts has the same ID as the official Flipper Zero account. However, the title actually uses a capital "I" which looks the same as the "l" on Twitter.
This fake Twitter account is actively responding to people about other accounts' availability and tweets to make it look legitimate. As of this writing, one of the fake stores remains online, pretending to sell the Flipper Zero, Wi-Fi module, and case for the same price as the real store.
The goal is to direct shoppers to a phishing checkout page where they are asked to enter their email addresses, full names, and shipping addresses. Victims are then given the choice to pay with either Ethereum or Bitcoin and are informed that their order will be processed within 15 minutes of being submitted.
No payments were received to the listed wallet addresses, so either the particular store failed to fool the security researchers or use new wallets after each transaction.
The hackers have since moved to using plisio.net invoices to accept cryptocurrency payments, which now include Litecoin. However, these invoices do not work, claiming that the order has expired. As long as interest and scarcity persist, cybercriminals will continue to try to impersonate Flipper Zero through fake stores to trick security enthusiasts into revealing their personal information and cryptocurrencies.