New Phishing Campaign Impersonates Flipper Zero to Target Cyber Professionals

Written by

Several social media accounts and fake websites are pretending to sell the sought-after hacking tool Flipper Zero to lure cybersecurity professionals into making cryptocurrency transactions.

This new campaign of angler phishing – a type of social media phishing that involves impersonating corporate social media accounts to interact with their customers – was first uncovered by security researcher Dominic Alvieri on December 2, 2022.

On Twitter, Alvieri warned of three distinct Twitter accounts and two websites impersonating the official Flipper Zero seller to lure potential buyers into sending cryptocurrencies – without sending them the Flipper Zero device in exchange.

At first glance, one of the Twitter accounts looked very similar to the official Flipper Zero. However, upon closer examination, the researcher discovered that the fake account’s handle used a capital “I” instead of an “l.” after the “F.”

The fake account (left) was created only a few months ago.
The fake account (left) was created only a few months ago.

The threat actor seems to use different methods, including linking the shop checkout page to Bitcoin and Ethereum wallets and using invoices to accept crypto payments.

Flipper Zero is a small cybersecurity tool that looks like a children’s toy, but that offers hackers, pen-testers and cybersecurity enthusiasts a range of features, including RFID emulation, digital access key cloning, radio communications, NFC, infrared, Bluetooth, and more.

It was launched through a Kickstarter campaign in 2020 and received $4,882,784 in pledges, accounting for 81 times more than the $60,000 the company had hoped for.

Over the past year, however, the product suffered from production issues causing supply shortages that made it impossible to meet the still-growing demand.

In September 2022, revenue holdbacks by digital payments platform PayPal put the project at risk, endangering its production by holding $1.3 million destined for ordering new production batches, reported BleepingComputer.

The threat actor is leveraging the gap between a high demand and a low supply.

At the time of writing, one online shop and two of the three fake Twitter accounts are still up.

What’s hot on Infosecurity Magazine?