The cybersecurity community is currently facing a new threat as several social media accounts and fake websites are attempting to deceive unsuspecting individuals into purchasing a fake version of the highly sought-after hacking tool, Flipper Zero. This deceptive campaign, known as angler phishing, involves impersonating legitimate corporate social media accounts to interact with potential customers and trick them into making cryptocurrency transactions without receiving the promised product.
Security researcher Dominic Alvieri was the first to uncover this malicious scheme on December 2, 2022. He identified three fraudulent Twitter accounts and two fake websites posing as the official sellers of Flipper Zero. One of the Twitter accounts closely resembled the authentic Flipper Zero account, but upon closer inspection, Alvieri noticed that the fake account used a capital “I” instead of an “l” in the handle after the “F.”
The threat actor behind this scam employs various tactics, such as linking the checkout page to Bitcoin and Ethereum wallets and utilizing plisio.net invoices to accept cryptocurrency payments. Flipper Zero, a compact cybersecurity tool that resembles a toy but offers a wide range of features including RFID emulation, digital access key cloning, radio communications, NFC, infrared, and Bluetooth capabilities, was launched through a successful Kickstarter campaign in 2020. However, production issues have caused supply shortages, making it difficult to meet the growing demand for the device.
In September 2022, revenue holdbacks by digital payments platform PayPal further exacerbated the production challenges, jeopardizing the funding needed for new production batches. Taking advantage of the high demand and limited supply of Flipper Zero, the threat actor aims to lure unsuspecting buyers into purchasing the counterfeit product.
As of now, one online shop and two fake Twitter accounts associated with the scam are still operational. It is crucial for cybersecurity professionals and enthusiasts to exercise caution when making purchases online and to verify the authenticity of the sellers and products before completing any transactions. By remaining vigilant and informed, individuals can protect themselves from falling victim to such deceptive schemes in the digital landscape.