A new phishing campaign has been discovered targeting cybersecurity professionals and hacking enthusiasts with the aim of stealing their cryptocurrency and obtaining sensitive identity information.

At the center of this attack is Flipper Zero – a portable multitool for pentesters, hackers and researchers. It can be used to explore all kinds of access control systems, RFID or radio protocols, Bluetooth, NFC and so on.

The tool started as a super successful Kickstarter project, but ran into numerous roadblocks in the production phase. As a result, demand far outstripped supply, creating a major opportunity for cybercriminals. Now, investigators have spotted multiple fake online stores selling Flipper Zero, as well as fake Twitter accounts promoting the stores. One of the accounts uses typosquatting to trick people (the “L” in Flipper is actually a capital “i”). The accounts are reportedly quite active and respond relatively quickly to customer inquiries.
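For defenders monitoring brand impersonation, the capital-“i”-for-“L” trick described above can be caught by folding handles to a visual "skeleton" before comparing them. The following is an added example, not code from the investigators or the Flipper Zero team; the official handle, the sample handles and the small confusables map are constructed assumptions.

```python
import unicodedata

# Assumption: placeholder for the brand's real handle (not taken from the article).
OFFICIAL = "flipperzero"

# Assumption: a small hand-picked map. A production check would use the full
# Unicode confusables data (UTS #39), which also covers cross-script lookalikes.
CONFUSABLES = {"I": "l", "1": "l", "|": "l", "0": "o", "rn": "m"}


def skeleton(handle):
    """Fold a handle so that visually similar strings compare equal."""
    text = unicodedata.normalize("NFKC", handle)  # fullwidth/compat forms -> ASCII
    # Substitute before lowercasing, otherwise capital I becomes a plain "i".
    for src, dst in CONFUSABLES.items():
        text = text.replace(src, dst)
    return "".join(ch for ch in text.lower() if ch.isalnum())


def edit_distance(a, b):
    """Levenshtein distance, row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify(handle, official=OFFICIAL):
    """Label a handle relative to the official one."""
    if handle.lower() == official.lower():  # handles are case-insensitive
        return "official"
    ours, theirs = skeleton(official), skeleton(handle)
    if theirs == ours:
        return "lookalike"       # identical once confusables are folded
    if edit_distance(theirs, ours) <= 2:
        return "near-miss"       # dropped, doubled or swapped letter
    if ours in theirs:
        return "brand-embedded"  # brand name plus a suffix or prefix
    return "unrelated"


if __name__ == "__main__":
    # Constructed sample handles, not accounts named in the article.
    for h in ["FlipperZero", "fIipperzero", "flipperzer0", "fliperzero",
              "flipperzeroshop", "hackrf_one"]:
        print(f"{h:18} {classify(h)}")
```

Anything other than "official" or "unrelated" is a candidate for manual review, not proof of fraud.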

Stealing data and crypto

Those who fall into the trap are eventually redirected to a phishing checkout page, where they have to submit a lot of sensitive data – email address, full name and mailing address. In addition, the only way to pay on these pages is with cryptocurrency – bitcoin or ether. However, investigators say the wallets listed in the fake stores are empty, so either no one fell for the trick, or the impostors are constantly changing their addresses to avoid being doxxed.

The company is trying to fight the scams, which have now also spread to Instagram, but to no avail. In a recent tweet, the company said, “Dear @Instagram and @InstagramComms, there are hundreds of fake and scam accounts imitating our official Flipper Zero Instagram account. These fraudulent accounts try to fool people and steal money. We cannot report them because we are denied to have a verified blue tick.”

Flipper Zero’s Kickstarter campaign was live in 2020 and was very successful. The initial campaign goal was $60,000, but it ended up receiving more than $4.8 million in pledges. The first users shared their achievements on social media, much to the amusement of the masses, which only increased the hype of the product. However, production was significantly hampered when PayPal held onto $1.3 million for months.

In September 2020, the Flipper Zero team said the payment service decided to withhold the amount without explaining the reasoning, and after a quick back and forth decided to terminate the company’s account, jeopardizing the entire project. A few months later, in late November 2020, Flipper Zero, with the help of a legal team, managed to get about three-quarters of the money ($980,000), but was still left with about $350,000 to “mitigate potential claims”.

Via: BleepingComputer