Fake sites impersonating Flipper Zero are in the wild, running campaigns that offer the hacking devices in exchange for completing surveys.

Cashing in on the Flipper Zero device’s popularity, these sites redirect users to scam sites that steal PII and push malicious browser extensions. Flipper Zero confirmed that such sites are in the wild and said it has been trying to take them down.

Malicious Flipper Zero Offers

Flipper Zero, the company that made an acceptable pen-testing device, has quickly become a target of impersonation attacks. The Flipper Zero device is a simple, handy tool that lets anyone tinker with a wide range of hardware via RFID emulation, digital access key cloning, radio communications, NFC, infrared, Bluetooth, and other means.

With many researchers and cybersecurity enthusiasts demonstrating how good this device was, it gained popularity quickly, and scammers are leveraging this fame to exploit unsuspecting customers. BleepingComputer noted a site, FlipperZero(.)at, claiming to offer free Flipper Zero devices for simply filling out an offer.

To seem legit, the fake site copied everything from the original Flipper Zero website, including its terms and privacy policy, and even affixed a ‘Copyright 2023’ statement at the bottom! Claiming to offer a free Flipper Zero device on completing a survey offer, the site would collect personally identifiable information from the users – which in turn could be used for various malicious purposes.

Most of the links on this fake site redirect to https://trkrspace(.)com, a site known for hosting browser notification scams, shady browser search extensions, surveys, and strange affiliate sites. Whether or not a device is ever sent, the information stolen through this process could pose a threat later.

Flipper Zero confirmed BleepingComputer’s report that malicious websites exist and said it is trying to pull them down on detection. “Various websites appear from time to time, we found this one earlier, and we have a process of dealing with them to protect our customers.”