This new phishing campaign is targeting security experts across the globe.

A new phishing campaign has been uncovered targeting cybersecurity professionals and hacker enthusiasts with the aim of stealing their cryptocurrency and obtaining confidential identity information.

At the center of this attack is Flipper Zero, a portable multitool for pentesters, hackers, and researchers. It can be used to explore access control systems, RFID and other radio protocols, Bluetooth, NFC, and so on.

The tool started out as a very successful Kickstarter project, but it ran into many hurdles in the production stage. As a result, demand far exceeded supply, creating a huge opportunity for cybercriminals. Now, researchers have uncovered multiple fake online stores selling Flipper Zero, along with fake Twitter accounts promoting those stores. One of the accounts uses typosquatting to deceive people (the "L" in Flipper is actually a capital "i"). These accounts are reportedly quite active, responding fairly quickly to inquiries from would-be customers.

Data and cryptocurrency theft

Those who fall for the scam will occasionally be redirected to the phishing payment page, where they must submit a number of sensitive details: email address, name, and postal address. In addition, the only way to pay on these pages is with cryptocurrency, either bitcoin or ether. However, researchers say that the wallets listed on the fake stores are empty, so either no one has been deceived or the scammers continually change their addresses to avoid being tracked.

The company is trying to combat the plague, which has since spread to Instagram as well, but to no avail. In a recent tweet, the company said: “Dear @Instagram and @InstagramComms, there are hundreds of fake accounts and scams that mimic our official Flipper Zero Instagram account. These fraudulent accounts attempt to lie to people and steal money. We cannot report them because we are rejected for having a verified blue mark.”

The Flipper Zero Kickstarter campaign was launched in 60,000 to great success. The original goal of the campaign was €4.8, but it ended up receiving more than €XNUMX million in pledges. Early adopters shared their achievements on social media, much to the amusement of the masses, which only made the product more sought after. However, production was significantly hampered when PayPal withheld US$XNUMX million for months.

In September 3, the Flipper Zero team claimed that the payment service decided to withhold the amount without explaining the reason and, after a quick back and forth, decided to void the company's account, putting the entire project at risk. A few months later, at the end of November XNUMX, with the help of a legal team, Flipper Zero managed to get around XNUMX quarters of the funds (€XNUMX), but still kept €XNUMX. with zero for "mitigating any protest."

Via: BleepingComputer