Flipper Zero

A site impersonating Flipper Devices promises a free Flipper Zero after completing an offer but only leads to shady browser extensions and scam sites.

Flipper Zero is a portable multi-functional cybersecurity tool for pen-testers and hacking enthusiasts. The tool allows researchers to tinker with a wide range of hardware by supporting RFID emulation, digital access key cloning, radio communications, NFC, infrared, Bluetooth, and more.

Since its launch, security researchers have been demonstrating the device’s capabilities, raising the interest of hackers and researchers.

Due to the incredible buzz around the product, it is not surprising to see scammers trying to ride on its success by impersonating the brand.

Site impersonates Flipperzero.one

Last week, BleepingComputer was alerted to a website at flipperzero[.] promoted on social media and Reddit, claiming to offer free Flipper Zero devices by simply filling out an offer.

Fake FlipperZero site
Fake FlipperZero site
Source: BleepingComputer

The site impersonated the legitimate https://flipperzero.one/ site, including using the “Copyright 2023 – flipperzero – All Rights Reserved” statement and its Terms of Use and Privacy Pages linking to the legitimate site.

Flipperzero copyright at the bottom of page
Flipperzero copyright at the bottom of page
Source: BleepingComputer

However, almost all other links on the page go to offers hosted on https://trkrspace[.]com/, a platform known for hosting browser notification scams, shady browser search extensions, surveys, and strange affiliate sites.

While visitors may receive the device after completing an offer, a security researcher told BleepingComputer that many of the offers from these sites are fake and are only used to collect personal information, such as names, addresses, and email addresses, for use in phishing scams and other malicious campaigns.

Offered survey
Offered survey
Source: BleepingComputer

BleepingComputer also tested some of the displayed browser notification pages and immediately began receiving browser tech support scams, saying that a “subscription payment” failed, our system was overloaded, or we needed security software.

Scam ads shown by browser notifications
Scam ads shown by browser notifications
Source: BleepingComputer

After contacting Flipper Devices about the site, BleepingComputer was told that they are not affiliated and working to take the site down to protect their customers.

“We can confirm that this website is not affiliated with Flipper Devices,” Flipper Devices told BleepingComputer.

“Various websites appear from time to time, we found this one earlier, and we have a process of dealing with them to protect our customers.”

Unfortunately, the site remains live today, so it is important only to use the legitimate flipperzero.one site to obtain the device. 

As long as the interest in Flipper Zero continues, cybercriminals and scammers will impersonate the brand through fake shops, ads, and sites to trick security enthusiasts into giving up their personal information.

Due to this, it is vital to be on the lookout for these promotions and only buy from the official store.

Source: www.bleepingcomputer.com