Phishers use fake Flipper Zero tool to target the infosec sector

January 16, 2023

A new phishing campaign that promotes a fake Flipper Zero tool is targeting information technology specialists. According to researchers, the infosec community could fall victim to this campaign because it uses an attractive product as a lure.

The new Flipper Zero kit is a multi-functional portable cybersecurity tool for pen-testers and cybersecurity specialists. This tool enables an expert to tinker with different hardware by supporting radio communications, NFC, digital access key cloning, Bluetooth, RFID emulation, and infrared.

Currently, the product is facing supply chain shortages because of production issues, while demand for it is growing daily. Threat actors have found an opportunity to abuse that demand to steal credentials and crypto assets.

 

Threat actors are running fake Flipper Zero sales.

 

Researchers have spotted several entities trying to take advantage of the enormous demand for the Flipper Zero tool. The product's limited availability has allowed the actors to set up fake shops and fake product listings to sell it.

Moreover, another researcher identified a new phishing campaign that uses two fake Flipper Zero stores and three fake Twitter accounts that advertise the product. Additionally, the fake Twitter accounts copied the handle of the official Flipper Zero account.

The fake Twitter account also communicates with inquiring customers about the availability of the Flipper Zero tool to create the impression that the profile is legitimate.

The attackers' primary objective in this campaign is to redirect potential buyers to a phishing checkout page, where they can harvest information such as names, shipping addresses, and email addresses.

Furthermore, the victims are also given options to pay using Bitcoin or Ethereum. Subsequently, the victim is instructed to wait for a 15-minute processing time while the fake order is placed. However, the processing time is the moment for the hackers to exfiltrate the stolen data.

Cybersecurity experts explained that the use of fake shops to deceive security enthusiasts into giving up their information and crypto details is not new. Users should be wary of fake promotions, especially when the product has low availability and is in high demand.
