Ongoing Flipper Zero phishing attacks target infosec community



A new phishing campaign is exploiting the security community's growing interest in Flipper Zero to steal members' personal information and cryptocurrency.

Flipper Zero is a portable multi-functional cybersecurity tool for pen-testers and hacking enthusiasts. The tool allows researchers to tinker with a wide range of hardware by supporting RFID emulation, digital access key cloning, radio communications, NFC, infrared, Bluetooth, and more.

The developers launched the device after a massively successful 2020 Kickstarter campaign, which surpassed the funding goal of $60,000 by 81 times, after receiving $4,882,784 in pledges.

Since then, security researchers’ demonstrations of the endlessly amusing and somewhat scary capabilities of Flipper Zero on social media have helped generate much hype around the device, raising the interest of aspiring hackers and researchers.

However, in the past year, the product was hampered by production issues causing supply shortages that made it impossible to meet the still-growing demand. 

In September 2022, revenue holdbacks by digital payments platform PayPal put the project at risk, endangering its production by holding $1.3 million destined for ordering new production batches.

Targeting cybersecurity researchers

Threat actors are now taking advantage of the immense interest in Flipper Zero and its lack of availability by creating fake shops pretending to sell it. 

These phishing campaigns were discovered by security analyst Dominic Alvieri, who spotted three fake Twitter accounts and two fake Flipper Zero stores.

At first glance, one of the fake Twitter accounts appears to have the same handle as the official Flipper Zero account. However, in reality, it uses a capital “I” in the name, which looks just like an “l” on Twitter.

Fake Twitter account (left) real Twitter account (right)
Source: BleepingComputer
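The capital "I" for "l" swap described above can be screened for automatically. The following is an added example, not code from the article or from Flipper Zero's developers; the handles are constructed sample values, the confusable map is a small hand-picked assumption rather than the full Unicode confusables table, and handles are assumed to be compared case-insensitively by the platform.

```python
# Added example: flag account handles that render like a protected handle.
# All handles below are constructed sample values, not taken from the article.

# Hand-picked confusable map (assumption, deliberately small). Each key is a
# character that many sans-serif fonts render like the value.
CONFUSABLES = {
    "I": "l",  # capital i looks like lowercase L
    "1": "l",
    "|": "l",
    "0": "o",
    "O": "o",
}


def skeleton(handle: str) -> str:
    """Reduce a handle to the string a reader is likely to perceive."""
    # Map confusables first: lowercasing first would turn "I" into "i"
    # and hide the swap this check is meant to catch.
    mapped = "".join(CONFUSABLES.get(ch, ch) for ch in handle.lstrip("@"))
    return mapped.lower()


def lookalike_report(official: str, candidate: str):
    """Return the character swaps if candidate imitates official, else None."""
    off, cand = official.lstrip("@"), candidate.lstrip("@")
    if off.lower() == cand.lower():
        return None  # same account under case-insensitive comparison (assumed)
    if skeleton(off) != skeleton(cand):
        return None  # visibly different, not a lookalike
    # The map is one-to-one per character, so equal skeletons mean equal length.
    return [(i, o, c) for i, (o, c) in enumerate(zip(off, cand))
            if o.lower() != c.lower()]


def screen(official: str, candidates):
    """Map each impersonating handle to its (position, real, fake) swaps."""
    hits = {}
    for cand in candidates:
        swaps = lookalike_report(official, cand)
        if swaps:
            hits[cand] = swaps
    return hits


OFFICIAL = "@flipper_zero"  # constructed placeholder for the protected handle
SAMPLE = ["@fIipper_zero", "@Flipper_Zero", "@flipper_zer0",
          "@flipper_hero", "@f1ipper_zero"]

if __name__ == "__main__":
    for handle, swaps in screen(OFFICIAL, SAMPLE).items():
        print(handle, swaps)
```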

This fake Twitter account is actively responding to people about availability and to other accounts' tweets to make it look legitimate.

At the time of writing this, one of the fake shops remains online, pretending to sell Flipper Zero, the Wi-Fi module, and the case at the same price as the actual shop.

Fake Flipper Zero shop
Source: BleepingComputer

The goal is to take buyers to the phishing checkout page, where they are requested to enter their email addresses, full names, and shipping addresses.

Phishing step on the order page
Source: BleepingComputer

The victims are then given a choice to pay using Ethereum or Bitcoin cryptocurrency and are told that their order will be processed within 15 minutes after submission.

Choosing a payment method
Source: BleepingComputer

The listed wallet addresses have not received any payments, so either the particular shop hasn’t managed to trick any security researchers or it used new wallets after each transaction.

The threat actors have since switched to using plisio.net invoices to accept crypto payments, which now include Litecoin. However, these invoices are not working, stating that the order has expired.

As long as the interest and shortages continue, cybercriminals will continue to attempt to impersonate Flipper Zero through fake shops to trick security enthusiasts into giving up their personal information and crypto.

Due to this, it is vital to be on the lookout for these promotions and shops claiming immediate product availability and only buy from the official store.




