Several social media accounts and fake websites are pretending to sell the sought-after hacking tool Flipper Zero to lure cybersecurity professionals into making cryptocurrency transactions. This new campaign of angler phishing – a type of social media phishing that involves impersonating corporate social media accounts to interact with their customers – was first uncovered by security researcher Dominic Alvieri on December 2, 2022. On Twitter, Alvieri warned of three distinct Twitter accounts and two websites impersonating the official Flipper Zero seller to lure potential buyers into sending cryptocurrencies – without sending them the Flipper Zero device in exchange. At first glance, one of the Twitter accounts looked very similar to the official Flipper Zero. However, upon closer examination, the researcher discovered that the fake account’s handle used a capital “I” instead of an “l.” after the “F.” The threat actor seems to use different methods, including linking the shop checkout page to Bitcoin and Ethereum wallets and using plisio.net invoices to accept crypto payments. Flipper Zero is a small cybersecurity tool that looks like a children’s toy, but that offers hackers, pen-testers and cybersecurity enthusiasts a range of features, including RFID emulation, digital access key cloning, radio communications, NFC, infrared, Bluetooth, and more.
About OODA Analyst
OODA is comprised of a unique team of international experts capable of providing advanced intelligence and analysis, strategy and planning support, risk and threat management, training, decision support, crisis response, and security services to global corporations and governments.