Threat Watch

Ongoing Flipper Zero Phishing Attacks Target Infosec Community

A new phishing campaign is exploiting the security community's growing interest in Flipper Zero to steal personal information and cryptocurrency. Flipper Zero is a portable, multi-functional cybersecurity tool for pen-testers and hacking enthusiasts. It lets researchers tinker with a wide range of hardware by supporting RFID emulation, digital access key cloning, radio communications, NFC, infrared, Bluetooth, and more.

The developers launched the device after a massively successful 2020 Kickstarter campaign, which surpassed the funding goal of $60,000 by 81 times, after receiving $4,882,784 in pledges. Since then, security researchers' demonstrations on social media of Flipper Zero's endlessly amusing and somewhat scary capabilities have helped generate much hype around the device, raising the interest of aspiring hackers and researchers. However, in the past year, the product was hampered by production issues, causing supply shortages that made it impossible to meet the still-growing demand.

Threat actors are now taking advantage of the immense interest in Flipper Zero and its lack of availability by creating fake shops that pretend to sell it. These phishing campaigns were discovered by security analyst Dominic Alvieri, who spotted three fake Twitter accounts and two fake Flipper Zero stores. At first glance, one of the fake Twitter accounts appears to have the same handle as the official Flipper Zero account. However, it uses a capital “I” in the name, which looks just like an “L” on Twitter. This fake Twitter account is actively responding to people about availability to make it look legitimate.

At the time of writing, one of the fake shops remains online, pretending to sell Flipper Zero, the Wi-Fi module, and the case at the same price as the actual shop. The goal is to take buyers to the phishing checkout page, where they are asked to enter their email addresses, full names, and shipping addresses. The victims are then given a choice to pay using Ethereum or Bitcoin cryptocurrency and are told that their order will be processed within 15 minutes after submission.

The listed wallet addresses have not received any payments, so either the shop hasn’t managed to trick any security researchers or they used new wallets after each transaction. The threat actors have since switched to using plisio.net invoices to accept crypto payments, which now include Litecoin. However, these invoices are not working, stating that the order has expired.

ANALYST NOTES

As long as the interest and shortages continue, cybercriminals will keep impersonating Flipper Zero through fake shops to trick security enthusiasts into giving up their personal information and crypto. It is therefore vital to be on the lookout for promotions and shops claiming immediate product availability, and to buy only from the official store.
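The capital “I” substitution described above can be caught by folding handles to a confusable "skeleton" before comparing them with the official one. The following is an added example, not code from the original report; the handles, the `CONFUSABLES` map and all function names are constructed for illustration, and the map is deliberately small.

```python
import unicodedata

# Constructed, non-exhaustive map of characters that render alike in common
# sans-serif UI fonts, each folded to one representative character.
CONFUSABLES = str.maketrans({
    "I": "l", "1": "l", "|": "l",                  # capital I, one, pipe
    "0": "o", "O": "o",                            # zero, capital O
    "\u0430": "a", "\u0435": "e", "\u043e": "o",   # Cyrillic a, e, o
    "\u0456": "i", "\u0440": "p", "\u0441": "c",   # Cyrillic i, er, es
})

def skeleton(handle: str) -> str:
    """Fold a handle to a comparison form; never display or store it as a name."""
    text = unicodedata.normalize("NFKC", handle.lstrip("@"))
    # Translate before case folding so capital I becomes l, not i.
    return text.translate(CONFUSABLES).casefold()

def classify(candidate: str, official: str) -> str:
    """Return 'same', 'lookalike' or 'different' relative to the official handle."""
    if candidate.lstrip("@").casefold() == official.lstrip("@").casefold():
        return "same"        # handles are case-insensitive: this is the real account
    if skeleton(candidate) == skeleton(official):
        return "lookalike"   # different characters, same rendered shape
    return "different"

def flag_lookalikes(candidates, official):
    """Return the candidates that imitate the official handle."""
    return [c for c in candidates if classify(c, official) == "lookalike"]

# Constructed sample data, not taken from the campaign.
OFFICIAL = "official_tools"
SEEN = ["officiaI_tools", "Official_Tools", "0fficial_tools",
        "offici\u0430l_tools", "other_vendor"]

if __name__ == "__main__":
    for handle in SEEN:
        print(f"{handle!r:24} {classify(handle, OFFICIAL)}")
```

A production check would use the full Unicode confusables data rather than this short map, and would run against both handles and display names.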

https://www.bleepingcomputer.com/news/security/ongoing-flipper-zero-phishing-attacks-target-infosec-community/